################################################################
# abuse.ch URLhaus IDS ruleset (Snort / Suricata)              #
# Last updated: 2025-03-15 00:04:05 (UTC)                      #
#                                                              #
# Terms Of Use: https://urlhaus.abuse.ch/api/                  #
# For questions please contact urlhaus [at] abuse.ch           #
################################################################
#
# url
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.231.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3477837/; classtype:trojan-activity;sid:84340937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.153.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3477834/; classtype:trojan-activity;sid:84340934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.80.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3477832/; classtype:trojan-activity;sid:84340932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"149.255.13.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3477831/; classtype:trojan-activity;sid:84340931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.184.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3477829/; classtype:trojan-activity;sid:84340929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.228.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477828/; classtype:trojan-activity;sid:84340928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.242.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477827/; classtype:trojan-activity;sid:84340927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.198.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477826/; classtype:trojan-activity;sid:84340926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.232.13.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477825/; classtype:trojan-activity;sid:84340925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.222.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477824/; classtype:trojan-activity;sid:84340924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477823/; classtype:trojan-activity;sid:84340923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.210.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477821/; classtype:trojan-activity;sid:84340921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.184.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477822/; classtype:trojan-activity;sid:84340922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.227.132.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477820/; classtype:trojan-activity;sid:84340920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.146.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477819/; classtype:trojan-activity;sid:84340919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.93.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477818/; classtype:trojan-activity;sid:84340918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.141.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477817/; classtype:trojan-activity;sid:84340917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.12.15.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477813/; classtype:trojan-activity;sid:84340913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.221.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477814/; classtype:trojan-activity;sid:84340914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.209.66.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477815/; classtype:trojan-activity;sid:84340915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.209.66.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477816/; classtype:trojan-activity;sid:84340916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477812)"; flow:established,from_client; content:"GET"; http_method; content:"/8e3vyupgqe.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.saunatriceps.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477812/; classtype:trojan-activity;sid:84340912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.239.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477811/; classtype:trojan-activity;sid:84340911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.233.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477810/; classtype:trojan-activity;sid:84340910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.92.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477809/; classtype:trojan-activity;sid:84340909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.86.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477808/; classtype:trojan-activity;sid:84340908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.210.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477807/; classtype:trojan-activity;sid:84340907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.39.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477806/; classtype:trojan-activity;sid:84340906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.222.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477805/; classtype:trojan-activity;sid:84340905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.177.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477804/; classtype:trojan-activity;sid:84340904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.115.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477802/; classtype:trojan-activity;sid:84340902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.239.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477803/; classtype:trojan-activity;sid:84340903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.147.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477801/; classtype:trojan-activity;sid:84340901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477800/; classtype:trojan-activity;sid:84340900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.39.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477799/; classtype:trojan-activity;sid:84340899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.54.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477798/; classtype:trojan-activity;sid:84340898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.177.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477797/; classtype:trojan-activity;sid:84340897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.48.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477796/; classtype:trojan-activity;sid:84340896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.76.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477795/; classtype:trojan-activity;sid:84340895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.124.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477794/; classtype:trojan-activity;sid:84340894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477793)"; flow:established,from_client; content:"GET"; http_method; content:"/yg8ggeg343.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.saunatriceps.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477793/; classtype:trojan-activity;sid:84340893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.54.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477792/; classtype:trojan-activity;sid:84340892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.48.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477791/; classtype:trojan-activity;sid:84340891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.133.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477790/; classtype:trojan-activity;sid:84340890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477789)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.248.10.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477789/; classtype:trojan-activity;sid:84340889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.192.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477788/; classtype:trojan-activity;sid:84340888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.129.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477787/; classtype:trojan-activity;sid:84340887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.78.39.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477786/; classtype:trojan-activity;sid:84340886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.211.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477785/; classtype:trojan-activity;sid:84340885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.138.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477784/; classtype:trojan-activity;sid:84340884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477783/; classtype:trojan-activity;sid:84340883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.6.158"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477782/; classtype:trojan-activity;sid:84340882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.129.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477781/; classtype:trojan-activity;sid:84340881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.179.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477780/; classtype:trojan-activity;sid:84340880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.101.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477779/; classtype:trojan-activity;sid:84340879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.211.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477777/; classtype:trojan-activity;sid:84340877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.78.39.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477778/; classtype:trojan-activity;sid:84340878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.211.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477776/; classtype:trojan-activity;sid:84340876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477775/; classtype:trojan-activity;sid:84340875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.139.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477774/; classtype:trojan-activity;sid:84340874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.74.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477773/; classtype:trojan-activity;sid:84340873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.62.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477772/; classtype:trojan-activity;sid:84340872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.179.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477771/; classtype:trojan-activity;sid:84340871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477770)"; flow:established,from_client; content:"GET"; http_method; content:"/zjybqfoj9e.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.saunatriceps.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477770/; classtype:trojan-activity;sid:84340870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.215.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477769/; classtype:trojan-activity;sid:84340869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.126.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477767/; classtype:trojan-activity;sid:84340867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.12.15.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477768/; classtype:trojan-activity;sid:84340868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.139.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477766/; classtype:trojan-activity;sid:84340866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.211.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477765/; classtype:trojan-activity;sid:84340865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.75.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477764/; classtype:trojan-activity;sid:84340864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.55.173.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477763/; classtype:trojan-activity;sid:84340863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.6.158"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477762/; classtype:trojan-activity;sid:84340862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.146.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477761/; classtype:trojan-activity;sid:84340861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.181.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477760/; classtype:trojan-activity;sid:84340860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.2.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477759/; classtype:trojan-activity;sid:84340859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.254.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477758/; classtype:trojan-activity;sid:84340858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477757/; classtype:trojan-activity;sid:84340857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.55.173.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477756/; classtype:trojan-activity;sid:84340856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477755/; classtype:trojan-activity;sid:84340855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.213.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477754/; classtype:trojan-activity;sid:84340854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.138.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477750/; classtype:trojan-activity;sid:84340850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.146.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477751/; classtype:trojan-activity;sid:84340851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.64.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477752/; classtype:trojan-activity;sid:84340852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.215.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477753/; classtype:trojan-activity;sid:84340853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.251.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477746/; classtype:trojan-activity;sid:84340846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477747/; classtype:trojan-activity;sid:84340847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.181.64.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477748/; classtype:trojan-activity;sid:84340848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.169.154.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477749/; classtype:trojan-activity;sid:84340849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.246.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477745/; classtype:trojan-activity;sid:84340845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.147.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477744/; classtype:trojan-activity;sid:84340844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477743/; classtype:trojan-activity;sid:84340843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477742/; classtype:trojan-activity;sid:84340842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.95.212.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477741/; classtype:trojan-activity;sid:84340841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.42.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477740/; classtype:trojan-activity;sid:84340840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477739)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477739/; classtype:trojan-activity;sid:84340839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477738)"; flow:established,from_client; content:"GET"; http_method; content:"/test.bot.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477738/; classtype:trojan-activity;sid:84340838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477728)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477728/; classtype:trojan-activity;sid:84340828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477729)"; flow:established,from_client; content:"GET"; http_method; content:"/z"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477729/; classtype:trojan-activity;sid:84340829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477730)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477730/; classtype:trojan-activity;sid:84340830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477731)"; flow:established,from_client; content:"GET"; http_method; content:"/kt.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477731/; classtype:trojan-activity;sid:84340831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477732)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477732/; classtype:trojan-activity;sid:84340832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477733)"; flow:established,from_client; content:"GET"; http_method; content:"/faith"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477733/; classtype:trojan-activity;sid:84340833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477734)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477734/; classtype:trojan-activity;sid:84340834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477735)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477735/; classtype:trojan-activity;sid:84340835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477736)"; flow:established,from_client; content:"GET"; http_method; content:"/test.bot.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477736/; classtype:trojan-activity;sid:84340836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477737)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477737/; classtype:trojan-activity;sid:84340837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477727)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.zenithalbusiness.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477727/; classtype:trojan-activity;sid:84340827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477721)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.illuminarebusiness.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477721/; classtype:trojan-activity;sid:84340821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477722)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mail.zenithalbusiness.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477722/; classtype:trojan-activity;sid:84340822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477723)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.zenithalbusiness.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477723/; classtype:trojan-activity;sid:84340823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477724)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"illuminarebusiness.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477724/; classtype:trojan-activity;sid:84340824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477725)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"zenithalbusiness.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477725/; classtype:trojan-activity;sid:84340825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477726)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mail.illuminarebusiness.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477726/; classtype:trojan-activity;sid:84340826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.2.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477720/; classtype:trojan-activity;sid:84340820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477715)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"illuminarebusiness.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477715/; classtype:trojan-activity;sid:84340815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477716)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.illuminarebusiness.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477716/; classtype:trojan-activity;sid:84340816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477717)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mail.zenithalbusiness.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477717/; classtype:trojan-activity;sid:84340817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477718)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"illuminarebusiness.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477718/; classtype:trojan-activity;sid:84340818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477719)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mail.illuminarebusiness.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477719/; classtype:trojan-activity;sid:84340819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477701)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.zenithalbusiness.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477701/; classtype:trojan-activity;sid:84340801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477702)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mail.zenithalbusiness.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477702/; classtype:trojan-activity;sid:84340802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477703)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"illuminarebusiness.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477703/; classtype:trojan-activity;sid:84340803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477704)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mail.zenithalbusiness.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477704/; classtype:trojan-activity;sid:84340804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477705)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.zenithalbusiness.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477705/; classtype:trojan-activity;sid:84340805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477706)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"illuminarebusiness.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477706/; classtype:trojan-activity;sid:84340806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477707)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mail.illuminarebusiness.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477707/; classtype:trojan-activity;sid:84340807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477708)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mail.zenithalbusiness.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477708/; classtype:trojan-activity;sid:84340808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477709)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mail.zenithalbusiness.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477709/; classtype:trojan-activity;sid:84340809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477710)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"zenithalbusiness.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477710/; classtype:trojan-activity;sid:84340810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477711)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"illuminarebusiness.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477711/; classtype:trojan-activity;sid:84340811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477712)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mail.illuminarebusiness.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477712/; classtype:trojan-activity;sid:84340812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477713)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mail.zenithalbusiness.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477713/; classtype:trojan-activity;sid:84340813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477714)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"zenithalbusiness.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477714/; classtype:trojan-activity;sid:84340814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477696)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.zenithalbusiness.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477696/; classtype:trojan-activity;sid:84340796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477697)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"zenithalbusiness.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477697/; classtype:trojan-activity;sid:84340797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477698)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.illuminarebusiness.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477698/; classtype:trojan-activity;sid:84340798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477699)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"zenithalbusiness.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477699/; classtype:trojan-activity;sid:84340799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477700)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.illuminarebusiness.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477700/; classtype:trojan-activity;sid:84340800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477679)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"illuminarebusiness.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477679/; classtype:trojan-activity;sid:84340779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477680)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mail.illuminarebusiness.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477680/; classtype:trojan-activity;sid:84340780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477681)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.illuminarebusiness.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477681/; classtype:trojan-activity;sid:84340781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477682)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mail.zenithalbusiness.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477682/; classtype:trojan-activity;sid:84340782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477683)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.illuminarebusiness.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477683/; classtype:trojan-activity;sid:84340783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477684)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"zenithalbusiness.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477684/; classtype:trojan-activity;sid:84340784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477685)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.zenithalbusiness.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477685/; classtype:trojan-activity;sid:84340785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477686)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.illuminarebusiness.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477686/; classtype:trojan-activity;sid:84340786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477687)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.zenithalbusiness.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477687/; classtype:trojan-activity;sid:84340787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477688)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mail.zenithalbusiness.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477688/; classtype:trojan-activity;sid:84340788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477689)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"illuminarebusiness.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477689/; classtype:trojan-activity;sid:84340789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477690)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mail.illuminarebusiness.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477690/; classtype:trojan-activity;sid:84340790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477691)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.illuminarebusiness.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477691/; classtype:trojan-activity;sid:84340791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477692)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"illuminarebusiness.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477692/; classtype:trojan-activity;sid:84340792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477693)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.illuminarebusiness.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477693/; classtype:trojan-activity;sid:84340793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477694)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.zenithalbusiness.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477694/; classtype:trojan-activity;sid:84340794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477695)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mail.illuminarebusiness.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477695/; classtype:trojan-activity;sid:84340795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477662)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"illuminarebusiness.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477662/; classtype:trojan-activity;sid:84340762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477663)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mail.zenithalbusiness.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477663/; classtype:trojan-activity;sid:84340763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477664)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mail.illuminarebusiness.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477664/; classtype:trojan-activity;sid:84340764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477665)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.zenithalbusiness.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477665/; classtype:trojan-activity;sid:84340765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477666)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.illuminarebusiness.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477666/; classtype:trojan-activity;sid:84340766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477667)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mail.illuminarebusiness.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477667/; classtype:trojan-activity;sid:84340767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477668)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mail.zenithalbusiness.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477668/; classtype:trojan-activity;sid:84340768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477669)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mail.illuminarebusiness.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477669/; classtype:trojan-activity;sid:84340769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477670)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mail.illuminarebusiness.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477670/; classtype:trojan-activity;sid:84340770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477671)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mail.zenithalbusiness.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477671/; classtype:trojan-activity;sid:84340771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477672)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.illuminarebusiness.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477672/; classtype:trojan-activity;sid:84340772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477673)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.zenithalbusiness.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477673/; classtype:trojan-activity;sid:84340773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477674)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"illuminarebusiness.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477674/; classtype:trojan-activity;sid:84340774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477675)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mail.zenithalbusiness.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477675/; classtype:trojan-activity;sid:84340775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477676)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"zenithalbusiness.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477676/; classtype:trojan-activity;sid:84340776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477677)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.zenithalbusiness.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477677/; classtype:trojan-activity;sid:84340777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477678)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"illuminarebusiness.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477678/; classtype:trojan-activity;sid:84340778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477660)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mail.illuminarebusiness.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477660/; classtype:trojan-activity;sid:84340760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477661)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.illuminarebusiness.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477661/; classtype:trojan-activity;sid:84340761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477656)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"illuminarebusiness.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477656/; classtype:trojan-activity;sid:84340756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477657)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"illuminarebusiness.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477657/; classtype:trojan-activity;sid:84340757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477658)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mail.zenithalbusiness.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477658/; classtype:trojan-activity;sid:84340758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477659)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.illuminarebusiness.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477659/; classtype:trojan-activity;sid:84340759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477651)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"zenithalbusiness.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477651/; classtype:trojan-activity;sid:84340751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477652)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"zenithalbusiness.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477652/; classtype:trojan-activity;sid:84340752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477653)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mail.illuminarebusiness.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477653/; classtype:trojan-activity;sid:84340753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477654)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"zenithalbusiness.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477654/; classtype:trojan-activity;sid:84340754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477655)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mail.illuminarebusiness.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477655/; classtype:trojan-activity;sid:84340755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477644)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.zenithalbusiness.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477644/; classtype:trojan-activity;sid:84340744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477645)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"zenithalbusiness.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477645/; classtype:trojan-activity;sid:84340745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477646)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"zenithalbusiness.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477646/; classtype:trojan-activity;sid:84340746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477647)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.illuminarebusiness.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477647/; classtype:trojan-activity;sid:84340747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477648)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.zenithalbusiness.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477648/; classtype:trojan-activity;sid:84340748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477649)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.zenithalbusiness.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477649/; classtype:trojan-activity;sid:84340749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477650)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"zenithalbusiness.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477650/; classtype:trojan-activity;sid:84340750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477643)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"zenithalbusiness.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477643/; classtype:trojan-activity;sid:84340743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477642/; classtype:trojan-activity;sid:84340742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477641)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.higun.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477641/; classtype:trojan-activity;sid:84340741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.209.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477640/; classtype:trojan-activity;sid:84340740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"p.tvwhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477639/; classtype:trojan-activity;sid:84340739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.tvwhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477633/; classtype:trojan-activity;sid:84340733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.qxfhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477634/; classtype:trojan-activity;sid:84340734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.qxfhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477635/; classtype:trojan-activity;sid:84340735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.schelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477636/; classtype:trojan-activity;sid:84340736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.umehelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477637/; classtype:trojan-activity;sid:84340737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"p.schelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477638/; classtype:trojan-activity;sid:84340738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.nexhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477623/; classtype:trojan-activity;sid:84340723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn3699.marnobish.cyou"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477624/; classtype:trojan-activity;sid:84340724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.dslhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477625/; classtype:trojan-activity;sid:84340725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.bxhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477626/; classtype:trojan-activity;sid:84340726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.glihelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477627/; classtype:trojan-activity;sid:84340727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.xvbhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477628/; classtype:trojan-activity;sid:84340728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.jlhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477629/; classtype:trojan-activity;sid:84340729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.xvbhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477630/; classtype:trojan-activity;sid:84340730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.jlhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477631/; classtype:trojan-activity;sid:84340731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.bxihelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477632/; classtype:trojan-activity;sid:84340732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.lpqhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477602/; classtype:trojan-activity;sid:84340702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.mwuhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477603/; classtype:trojan-activity;sid:84340703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.oqhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477604/; classtype:trojan-activity;sid:84340704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn8954.sachelokipotle.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477605/; classtype:trojan-activity;sid:84340705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.tvlhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477606/; classtype:trojan-activity;sid:84340706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.jbhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477607/; classtype:trojan-activity;sid:84340707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web3.rlhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477608/; classtype:trojan-activity;sid:84340708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web3.tvwhelp.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477609/; classtype:trojan-activity;sid:84340709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.dslhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477610/; classtype:trojan-activity;sid:84340710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.lowshelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477611/; classtype:trojan-activity;sid:84340711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.jybhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477612/; classtype:trojan-activity;sid:84340712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.jkhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477613/; classtype:trojan-activity;sid:84340713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.3.250"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477614/; classtype:trojan-activity;sid:84340714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.yxhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477615/; classtype:trojan-activity;sid:84340715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.yxhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477616/; classtype:trojan-activity;sid:84340716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.rlhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477617/; classtype:trojan-activity;sid:84340717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.tvwhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477618/; classtype:trojan-activity;sid:84340718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn3699.kafinora.cyou"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477619/; classtype:trojan-activity;sid:84340719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.nexhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477620/; classtype:trojan-activity;sid:84340720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.bxihelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477621/; classtype:trojan-activity;sid:84340721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.iunhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477622/; classtype:trojan-activity;sid:84340722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.lpqhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477596/; classtype:trojan-activity;sid:84340696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn8954.chelokipotlely.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477597/; classtype:trojan-activity;sid:84340697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.tvlhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477598/; classtype:trojan-activity;sid:84340698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.glihelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477599/; classtype:trojan-activity;sid:84340699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn8954.chelokipotleism.icu"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477600/; classtype:trojan-activity;sid:84340700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.iunhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477601/; classtype:trojan-activity;sid:84340701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"nq901p.me"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477594/; classtype:trojan-activity;sid:84340694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bolidaos.gajrokerware.cyou"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477595/; classtype:trojan-activity;sid:84340695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"1021.scpanel.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477593/; classtype:trojan-activity;sid:84340693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"cnacauth4687.loginback96.link"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477592/; classtype:trojan-activity;sid:84340692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.ejhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477590/; classtype:trojan-activity;sid:84340690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"coplidfo.gajrokerring.cyou"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477591/; classtype:trojan-activity;sid:84340691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wk3498.chelokipotleism.icu"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477588/; classtype:trojan-activity;sid:84340688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bw4927.chelokipotleia.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477589/; classtype:trojan-activity;sid:84340689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wk3699.jadonparod.cyou"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477586/; classtype:trojan-activity;sid:84340686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wk3498.chelokipotlesy.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477587/; classtype:trojan-activity;sid:84340687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wk3699.kafinora.cyou"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477584/; classtype:trojan-activity;sid:84340684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wk3699.fukratoli.cyou"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477585/; classtype:trojan-activity;sid:84340685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wk3498.atchelokipotle.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477583/; classtype:trojan-activity;sid:84340683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wk3498.sachelokipotle.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477580/; classtype:trojan-activity;sid:84340680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wk3498.chelokipotleist.icu"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477581/; classtype:trojan-activity;sid:84340681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wk3498.archelokipotle.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477582/; classtype:trojan-activity;sid:84340682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"accountability.thefenceanddeckguys.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477579/; classtype:trojan-activity;sid:84340679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web3.ejhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477578/; classtype:trojan-activity;sid:84340678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"cancel326.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477577/; classtype:trojan-activity;sid:84340677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.cancel326.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477576/; classtype:trojan-activity;sid:84340676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wk3498.sichelokiple.icu"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477575/; classtype:trojan-activity;sid:84340675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bw4927.chelokipotleam.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477574/; classtype:trojan-activity;sid:84340674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn3699.nonapukur.cyou"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477567/; classtype:trojan-activity;sid:84340667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"p.rxhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477568/; classtype:trojan-activity;sid:84340668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.bqxhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477569/; classtype:trojan-activity;sid:84340669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"xkhelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477570/; classtype:trojan-activity;sid:84340670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn8954.atchelokipotle.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477571/; classtype:trojan-activity;sid:84340671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"systemsupport.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477572/; classtype:trojan-activity;sid:84340672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn3699.totalukor.cyou"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477573/; classtype:trojan-activity;sid:84340673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fn7134.chelokipotleia.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477557/; classtype:trojan-activity;sid:84340657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.efhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477558/; classtype:trojan-activity;sid:84340658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bw4927.sichelokiple.icu"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477559/; classtype:trojan-activity;sid:84340659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"p.qdhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477560/; classtype:trojan-activity;sid:84340660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn8954.chelokipotleable.icu"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477561/; classtype:trojan-activity;sid:84340661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn8954.sichelokiple.icu"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477562/; classtype:trojan-activity;sid:84340662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.ishelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477563/; classtype:trojan-activity;sid:84340663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"molartos.gajrokerist.cyou"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477564/; classtype:trojan-activity;sid:84340664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn3699.fukratoli.cyou"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477565/; classtype:trojan-activity;sid:84340665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.bnhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477566/; classtype:trojan-activity;sid:84340666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxleo.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477548/; classtype:trojan-activity;sid:84340648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bw4927.gochelokipotle.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477549/; classtype:trojan-activity;sid:84340649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web3.jkhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477550/; classtype:trojan-activity;sid:84340650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"p.omhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477551/; classtype:trojan-activity;sid:84340651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.szhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477552/; classtype:trojan-activity;sid:84340652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web3.ishelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477553/; classtype:trojan-activity;sid:84340653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wk3498.chelokipotleus.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477554/; classtype:trojan-activity;sid:84340654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bw4927.chelokipotleify.icu"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477555/; classtype:trojan-activity;sid:84340655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn3699.polabarish.cyou"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477556/; classtype:trojan-activity;sid:84340656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn8954.chelokipotlesy.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477531/; classtype:trojan-activity;sid:84340631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"xshelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477532/; classtype:trojan-activity;sid:84340632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn8954.chelokipotleity.icu"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477533/; classtype:trojan-activity;sid:84340633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"tcrm-m3.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477534/; classtype:trojan-activity;sid:84340634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn6back63.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477535/; classtype:trojan-activity;sid:84340635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fn7134.chelokipotlely.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477536/; classtype:trojan-activity;sid:84340636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.rxhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477537/; classtype:trojan-activity;sid:84340637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"tulicrp.engajroker.cyou"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477538/; classtype:trojan-activity;sid:84340638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.eihelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477539/; classtype:trojan-activity;sid:84340639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn8954.chelokipotlester.icu"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477540/; classtype:trojan-activity;sid:84340640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web3.bxhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477541/; classtype:trojan-activity;sid:84340641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"gthelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477542/; classtype:trojan-activity;sid:84340642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.lahelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477543/; classtype:trojan-activity;sid:84340643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn8954.chelokipotleam.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477544/; classtype:trojan-activity;sid:84340644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn3699.jadonparod.cyou"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477545/; classtype:trojan-activity;sid:84340645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.fiqhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477546/; classtype:trojan-activity;sid:84340646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.euhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477547/; classtype:trojan-activity;sid:84340647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.jdhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477520/; classtype:trojan-activity;sid:84340620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web3.qrhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477521/; classtype:trojan-activity;sid:84340621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fn7134.atchelokipotle.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477522/; classtype:trojan-activity;sid:84340622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.jihelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477523/; classtype:trojan-activity;sid:84340623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.omhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477524/; classtype:trojan-activity;sid:84340624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bw4927.chelokipotleism.icu"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477525/; classtype:trojan-activity;sid:84340625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"suritups.regajroker.cyou"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477526/; classtype:trojan-activity;sid:84340626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fn7134.chelokipotlemax.icu"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477527/; classtype:trojan-activity;sid:84340627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"backsessions.loglink9.site"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477528/; classtype:trojan-activity;sid:84340628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.gbhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477529/; classtype:trojan-activity;sid:84340629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"niluwel.gajrokeron.cyou"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477530/; classtype:trojan-activity;sid:84340630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"cpauth0194.loginlink49.link"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477513/; classtype:trojan-activity;sid:84340613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"tgmaxsales.pl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477514/; classtype:trojan-activity;sid:84340614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"holerus.cogajroker.cyou"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477515/; classtype:trojan-activity;sid:84340615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.sbhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477516/; classtype:trojan-activity;sid:84340616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.ehhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477517/; classtype:trojan-activity;sid:84340617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"support.snb-bg.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477518/; classtype:trojan-activity;sid:84340618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"p.jbhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477519/; classtype:trojan-activity;sid:84340619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"p.ichelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477500/; classtype:trojan-activity;sid:84340600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.hlghelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477501/; classtype:trojan-activity;sid:84340601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"turivor.edmaduliton.icu"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477502/; classtype:trojan-activity;sid:84340602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.hlghelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477503/; classtype:trojan-activity;sid:84340603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"p.iqhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477504/; classtype:trojan-activity;sid:84340604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.djhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477505/; classtype:trojan-activity;sid:84340605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn8954.chelokipotleist.icu"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477506/; classtype:trojan-activity;sid:84340606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bw4927.chelokipotleity.icu"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477507/; classtype:trojan-activity;sid:84340607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.qdhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477508/; classtype:trojan-activity;sid:84340608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fn7134.gochelokipotle.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477509/; classtype:trojan-activity;sid:84340609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bw36back93.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477510/; classtype:trojan-activity;sid:84340610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn8954.gochelokipotle.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477511/; classtype:trojan-activity;sid:84340611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn8954.chelokipotlemax.icu"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477512/; classtype:trojan-activity;sid:84340612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"p.lahelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477483/; classtype:trojan-activity;sid:84340583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bw4927.sachelokipotle.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477484/; classtype:trojan-activity;sid:84340584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.wchelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477485/; classtype:trojan-activity;sid:84340585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wk3498.lachelokipotle.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477486/; classtype:trojan-activity;sid:84340586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"lokermy.numaduliton.icu"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477487/; classtype:trojan-activity;sid:84340587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wk3498.chelokipotleam.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477488/; classtype:trojan-activity;sid:84340588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fn7134.lachelokipotle.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477489/; classtype:trojan-activity;sid:84340589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn3699.loglink9.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477490/; classtype:trojan-activity;sid:84340590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web3.obhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477491/; classtype:trojan-activity;sid:84340591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn8954.enchelokipotle.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477492/; classtype:trojan-activity;sid:84340592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.pnbhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477493/; classtype:trojan-activity;sid:84340593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fn7134.chelokipotleism.icu"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477494/; classtype:trojan-activity;sid:84340594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"gajrokerer.cyou"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477495/; classtype:trojan-activity;sid:84340595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.iqhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477496/; classtype:trojan-activity;sid:84340596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pfgbks.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477497/; classtype:trojan-activity;sid:84340597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fn7134.sachelokipotle.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477498/; classtype:trojan-activity;sid:84340598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.qrhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477499/; classtype:trojan-activity;sid:84340599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fn7134.chelokipotleity.icu"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477477/; classtype:trojan-activity;sid:84340577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bk92auths830.loglink9.site"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477478/; classtype:trojan-activity;sid:84340578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.lhhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477479/; classtype:trojan-activity;sid:84340579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.obhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477480/; classtype:trojan-activity;sid:84340580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"p.szhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477481/; classtype:trojan-activity;sid:84340581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.qxhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477482/; classtype:trojan-activity;sid:84340582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wk3498.chelokipotleio.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477473/; classtype:trojan-activity;sid:84340573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bw4927.atchelokipotle.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477474/; classtype:trojan-activity;sid:84340574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wk3498.chelokipotleify.icu"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477475/; classtype:trojan-activity;sid:84340575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn8954.chelokipotleia.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477476/; classtype:trojan-activity;sid:84340576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wk3699.marnobish.cyou"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477472/; classtype:trojan-activity;sid:84340572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"zfaew-76.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477471/; classtype:trojan-activity;sid:84340571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxironguard.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477465/; classtype:trojan-activity;sid:84340565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.biyhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477466/; classtype:trojan-activity;sid:84340566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"uwhelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477467/; classtype:trojan-activity;sid:84340567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxfortifypro.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477468/; classtype:trojan-activity;sid:84340568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxguardshift.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477469/; classtype:trojan-activity;sid:84340569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxnexguard.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477470/; classtype:trojan-activity;sid:84340570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"azmn-pp4.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477463/; classtype:trojan-activity;sid:84340563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"mabhelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477464/; classtype:trojan-activity;sid:84340564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsentinelx.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477460/; classtype:trojan-activity;sid:84340560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.cbihelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477461/; classtype:trojan-activity;sid:84340561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsafecrypt.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477462/; classtype:trojan-activity;sid:84340562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"zxtwe-3x.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477452/; classtype:trojan-activity;sid:84340552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"axhelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477453/; classtype:trojan-activity;sid:84340553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wlop10.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477454/; classtype:trojan-activity;sid:84340554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn3699.jigisekar.cyou"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477455/; classtype:trojan-activity;sid:84340555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"erde3-ew5.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477456/; classtype:trojan-activity;sid:84340556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsecuregate.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477457/; classtype:trojan-activity;sid:84340557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxdefendx.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477458/; classtype:trojan-activity;sid:84340558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.lzhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477459/; classtype:trojan-activity;sid:84340559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bw3699.timurocar.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477451/; classtype:trojan-activity;sid:84340551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"moqadiski.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477444/; classtype:trojan-activity;sid:84340544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"ki-man.screensconnectpro.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477445/; classtype:trojan-activity;sid:84340545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fn3699.totalukor.cyou"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477446/; classtype:trojan-activity;sid:84340546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"medion-001-site1.ctempurl.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477447/; classtype:trojan-activity;sid:84340547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.eahelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477448/; classtype:trojan-activity;sid:84340548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"lrewq-99.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477449/; classtype:trojan-activity;sid:84340549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"mr26panel.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477450/; classtype:trojan-activity;sid:84340550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fnback9636.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477435/; classtype:trojan-activity;sid:84340535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"ls-xsg.screensconnectpro.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477436/; classtype:trojan-activity;sid:84340536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fn3699.jadonparod.cyou"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477437/; classtype:trojan-activity;sid:84340537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fn3699.polabarish.cyou"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477438/; classtype:trojan-activity;sid:84340538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fn3699.fukratoli.cyou"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477439/; classtype:trojan-activity;sid:84340539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"plphelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477440/; classtype:trojan-activity;sid:84340540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bw3699.loglink9.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477441/; classtype:trojan-activity;sid:84340541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"mghelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477442/; classtype:trojan-activity;sid:84340542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn3699.timurocar.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477443/; classtype:trojan-activity;sid:84340543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wk3699.loglink9.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477434/; classtype:trojan-activity;sid:84340534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"mohamedsisyxyz.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477433/; classtype:trojan-activity;sid:84340533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/client.support.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.208.197.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477432/; classtype:trojan-activity;sid:84340532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"acc.umehelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477430/; classtype:trojan-activity;sid:84340530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p.tvwhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477431/; classtype:trojan-activity;sid:84340531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pn3699.kafinora.cyou"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477428/; classtype:trojan-activity;sid:84340528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.jlhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477429/; classtype:trojan-activity;sid:84340529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pn8954.sachelokipotle.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477426/; classtype:trojan-activity;sid:84340526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"r9c2p06qoxuhe4tv.de"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477427/; classtype:trojan-activity;sid:84340527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pn8954.chelokipotlely.icu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477423/; classtype:trojan-activity;sid:84340523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"jxcr-ui1.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477424/; classtype:trojan-activity;sid:84340524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.tvlhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477425/; classtype:trojan-activity;sid:84340525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.lpqhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477420/; classtype:trojan-activity;sid:84340520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pn3699.marnobish.cyou"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477421/; classtype:trojan-activity;sid:84340521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.qxfhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477422/; classtype:trojan-activity;sid:84340522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.iunhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477405/; classtype:trojan-activity;sid:84340505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.jkhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477406/; classtype:trojan-activity;sid:84340506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"12support.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477407/; classtype:trojan-activity;sid:84340507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"krscreenconnect.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477408/; classtype:trojan-activity;sid:84340508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.nexhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477409/; classtype:trojan-activity;sid:84340509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.bxihelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477410/; classtype:trojan-activity;sid:84340510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.yxhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477411/; classtype:trojan-activity;sid:84340511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pkjapanel.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477412/; classtype:trojan-activity;sid:84340512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.xvbhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477413/; classtype:trojan-activity;sid:84340513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.bxihelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477414/; classtype:trojan-activity;sid:84340514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.glihelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477415/; classtype:trojan-activity;sid:84340515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"1021.scpanel.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477416/; classtype:trojan-activity;sid:84340516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.yxhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477417/; classtype:trojan-activity;sid:84340517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.tvwhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477418/; classtype:trojan-activity;sid:84340518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"acc.jybhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477419/; classtype:trojan-activity;sid:84340519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.dslhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477393/; classtype:trojan-activity;sid:84340493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.jlhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477394/; classtype:trojan-activity;sid:84340494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.dslhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477395/; classtype:trojan-activity;sid:84340495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.tvwhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477396/; classtype:trojan-activity;sid:84340496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.jbhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477397/; classtype:trojan-activity;sid:84340497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.tvlhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477398/; classtype:trojan-activity;sid:84340498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.ejhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477399/; classtype:trojan-activity;sid:84340499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.rlhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477400/; classtype:trojan-activity;sid:84340500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web3.tvwhelp.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477401/; classtype:trojan-activity;sid:84340501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.nexhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477402/; classtype:trojan-activity;sid:84340502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.glihelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477403/; classtype:trojan-activity;sid:84340503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.xvbhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477404/; classtype:trojan-activity;sid:84340504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.iunhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477386/; classtype:trojan-activity;sid:84340486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"sf-oqh.screensconnectpro.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477387/; classtype:trojan-activity;sid:84340487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.qxfhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477388/; classtype:trojan-activity;sid:84340488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.lpqhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477389/; classtype:trojan-activity;sid:84340489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"acc.oqhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477390/; classtype:trojan-activity;sid:84340490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pn8954.chelokipotleism.icu"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477391/; classtype:trojan-activity;sid:84340491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.lowshelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477392/; classtype:trojan-activity;sid:84340492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"jackxz1.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477383/; classtype:trojan-activity;sid:84340483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/client.support.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"37.221.65.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477384/; classtype:trojan-activity;sid:84340484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"stat2354.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477385/; classtype:trojan-activity;sid:84340485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"cnacauth4687.loginback96.link"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477379/; classtype:trojan-activity;sid:84340479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/client.support.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.123.1.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477380/; classtype:trojan-activity;sid:84340480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"tylhelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477381/; classtype:trojan-activity;sid:84340481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"worldofchias.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477382/; classtype:trojan-activity;sid:84340482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/client.support.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.208.184.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477375/; classtype:trojan-activity;sid:84340475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/client.support.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.123.1.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477376/; classtype:trojan-activity;sid:84340476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"acc.mwuhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477377/; classtype:trojan-activity;sid:84340477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"bolidaos.gajrokerware.cyou"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477378/; classtype:trojan-activity;sid:84340478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.39.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477374/; classtype:trojan-activity;sid:84340474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.77.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477373/; classtype:trojan-activity;sid:84340473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477372)"; flow:established,from_client; content:"GET"; http_method; content:"/46om600d05.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477372/; classtype:trojan-activity;sid:84340472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.30.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477371/; classtype:trojan-activity;sid:84340471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477370)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.144.53.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477370/; classtype:trojan-activity;sid:84340470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477367)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.144.53.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477367/; classtype:trojan-activity;sid:84340467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477368)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.144.53.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477368/; classtype:trojan-activity;sid:84340468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477369)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.144.53.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477369/; classtype:trojan-activity;sid:84340469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477366)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.xojyz.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477366/; classtype:trojan-activity;sid:84340466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.184.16.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477365/; classtype:trojan-activity;sid:84340465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.3.250"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477364/; classtype:trojan-activity;sid:84340464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.42.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477363/; classtype:trojan-activity;sid:84340463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.79.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477362/; classtype:trojan-activity;sid:84340462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477361/; classtype:trojan-activity;sid:84340461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.77.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477360/; classtype:trojan-activity;sid:84340460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477359)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.44.238.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477359/; classtype:trojan-activity;sid:84340459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.41.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477358/; classtype:trojan-activity;sid:84340458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477347)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.44.238.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477347/; classtype:trojan-activity;sid:84340447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477348)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.arm4t"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"37.44.238.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477348/; classtype:trojan-activity;sid:84340448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477349)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.44.238.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477349/; classtype:trojan-activity;sid:84340449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477350)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.44.238.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477350/; classtype:trojan-activity;sid:84340450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477351)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.44.238.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477351/; classtype:trojan-activity;sid:84340451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477352)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.44.238.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477352/; classtype:trojan-activity;sid:84340452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477353)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.arm4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.44.238.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477353/; classtype:trojan-activity;sid:84340453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477354)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.44.238.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477354/; classtype:trojan-activity;sid:84340454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477355)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.44.238.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477355/; classtype:trojan-activity;sid:84340455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477356)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.m68"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.44.238.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477356/; classtype:trojan-activity;sid:84340456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477357)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.44.238.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477357/; classtype:trojan-activity;sid:84340457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.27.211"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477346/; classtype:trojan-activity;sid:84340446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.48.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477345/; classtype:trojan-activity;sid:84340445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.65.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477344/; classtype:trojan-activity;sid:84340444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.79.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477343/; classtype:trojan-activity;sid:84340443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.140.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477342/; classtype:trojan-activity;sid:84340442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477339)"; flow:established,from_client; content:"GET"; http_method; content:"/hgfs.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477339/; classtype:trojan-activity;sid:84340439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477340)"; flow:established,from_client; content:"GET"; http_method; content:"/hgfs.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477340/; classtype:trojan-activity;sid:84340440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477341)"; flow:established,from_client; content:"GET"; http_method; content:"/hgfs.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477341/; classtype:trojan-activity;sid:84340441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477336)"; flow:established,from_client; content:"GET"; http_method; content:"/hgfs.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477336/; classtype:trojan-activity;sid:84340436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477337)"; flow:established,from_client; content:"GET"; http_method; content:"/hgfs.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477337/; classtype:trojan-activity;sid:84340437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.163.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477338/; classtype:trojan-activity;sid:84340438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477334)"; flow:established,from_client; content:"GET"; http_method; content:"/hgfs.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477334/; classtype:trojan-activity;sid:84340434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477335)"; flow:established,from_client; content:"GET"; http_method; content:"/hgfs.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477335/; classtype:trojan-activity;sid:84340435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.128.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477332/; classtype:trojan-activity;sid:84340432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.48.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477333/; classtype:trojan-activity;sid:84340433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.27.211"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477331/; classtype:trojan-activity;sid:84340431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477330)"; flow:established,from_client; content:"GET"; http_method; content:"/b04g2o64lh.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477330/; classtype:trojan-activity;sid:84340430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477329/; classtype:trojan-activity;sid:84340429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.48.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477328/; classtype:trojan-activity;sid:84340428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.129.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477327/; classtype:trojan-activity;sid:84340427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477326/; classtype:trojan-activity;sid:84340426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.128.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477325/; classtype:trojan-activity;sid:84340425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477311)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477311/; classtype:trojan-activity;sid:84340411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477312)"; flow:established,from_client; content:"GET"; http_method; content:"/efjepc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477312/; classtype:trojan-activity;sid:84340412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477313)"; flow:established,from_client; content:"GET"; http_method; content:"/rrrdsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477313/; classtype:trojan-activity;sid:84340413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477314)"; flow:established,from_client; content:"GET"; http_method; content:"/vejfa5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477314/; classtype:trojan-activity;sid:84340414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477315)"; flow:established,from_client; content:"GET"; http_method; content:"/efefa7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477315/; classtype:trojan-activity;sid:84340415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477316)"; flow:established,from_client; content:"GET"; http_method; content:"/drea4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477316/; classtype:trojan-activity;sid:84340416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477317)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477317/; classtype:trojan-activity;sid:84340417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477318)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477318/; classtype:trojan-activity;sid:84340418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477319)"; flow:established,from_client; content:"GET"; http_method; content:"/eehah4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477319/; classtype:trojan-activity;sid:84340419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477320)"; flow:established,from_client; content:"GET"; http_method; content:"/rjfe686"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477320/; classtype:trojan-activity;sid:84340420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477321)"; flow:established,from_client; content:"GET"; http_method; content:"/efea6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477321/; classtype:trojan-activity;sid:84340421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477322)"; flow:established,from_client; content:"GET"; http_method; content:"/jfeeps"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477322/; classtype:trojan-activity;sid:84340422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477323)"; flow:established,from_client; content:"GET"; http_method; content:"/vjwe68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477323/; classtype:trojan-activity;sid:84340423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477324)"; flow:established,from_client; content:"GET"; http_method; content:"/weje64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477324/; classtype:trojan-activity;sid:84340424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.30.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477310/; classtype:trojan-activity;sid:84340410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.48.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477309/; classtype:trojan-activity;sid:84340409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477308)"; flow:established,from_client; content:"GET"; http_method; content:"/d/0vz84owx/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477308/; classtype:trojan-activity;sid:84340408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477307)"; flow:established,from_client; content:"GET"; http_method; content:"/346/givenbestresultswithglorryeyeshappiness.hta"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"213.165.70.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477307/; classtype:trojan-activity;sid:84340407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.218.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477306/; classtype:trojan-activity;sid:84340406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"rmkaio1.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477301/; classtype:trojan-activity;sid:84340401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxfortitech.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477302/; classtype:trojan-activity;sid:84340402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"agd-yrr1.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477303/; classtype:trojan-activity;sid:84340403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"jdsfrw-11.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477304/; classtype:trojan-activity;sid:84340404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.wtshelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477305/; classtype:trojan-activity;sid:84340405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.xshelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477291/; classtype:trojan-activity;sid:84340391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"xqwa87.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477292/; classtype:trojan-activity;sid:84340392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477293)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"bookmanageditres.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477293/; classtype:trojan-activity;sid:84340393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"hlaowu8.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477294/; classtype:trojan-activity;sid:84340394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477295)"; flow:established,from_client; content:"GET"; http_method; content:"/736xoavb6qypzl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cpt-exmple.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477295/; classtype:trojan-activity;sid:84340395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"vcri98.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477296/; classtype:trojan-activity;sid:84340396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxclearklock.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477297/; classtype:trojan-activity;sid:84340397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pnbf-gv.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477298/; classtype:trojan-activity;sid:84340398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxshieldpro.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477299/; classtype:trojan-activity;sid:84340399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"egmn-4ew.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477300/; classtype:trojan-activity;sid:84340400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"vjpanplus.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477289/; classtype:trojan-activity;sid:84340389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477290)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"cpt-exmple.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477290/; classtype:trojan-activity;sid:84340390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bzsew-4ew.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477280/; classtype:trojan-activity;sid:84340380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxcyberhaven.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477281/; classtype:trojan-activity;sid:84340381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.crjhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477282/; classtype:trojan-activity;sid:84340382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.livhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477283/; classtype:trojan-activity;sid:84340383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.ebhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477284/; classtype:trojan-activity;sid:84340384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"kzsr4t-rr.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477285/; classtype:trojan-activity;sid:84340385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.lnhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477286/; classtype:trojan-activity;sid:84340386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"mxews5.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477287/; classtype:trojan-activity;sid:84340387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"nxsw-tq2.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477288/; classtype:trojan-activity;sid:84340388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"kryzuxyzhosting.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477279/; classtype:trojan-activity;sid:84340379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.12.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477278/; classtype:trojan-activity;sid:84340378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.122.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477276/; classtype:trojan-activity;sid:84340376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.103.133.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477277/; classtype:trojan-activity;sid:84340377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"oxtt-76r.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477268/; classtype:trojan-activity;sid:84340368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"andydoestech.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477269/; classtype:trojan-activity;sid:84340369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"aehelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477270/; classtype:trojan-activity;sid:84340370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.tishelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477271/; classtype:trojan-activity;sid:84340371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.aehelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477272/; classtype:trojan-activity;sid:84340372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bfjduf2.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477273/; classtype:trojan-activity;sid:84340373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.qlhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477274/; classtype:trojan-activity;sid:84340374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wjhelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477275/; classtype:trojan-activity;sid:84340375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.104.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477266/; classtype:trojan-activity;sid:84340366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"ubftr3.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477267/; classtype:trojan-activity;sid:84340367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.mzihelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477264/; classtype:trojan-activity;sid:84340364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.uhhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477265/; classtype:trojan-activity;sid:84340365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477261/; classtype:trojan-activity;sid:84340361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"steelrivertechs.sherpadesk.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477262/; classtype:trojan-activity;sid:84340362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"t7m.top"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477263/; classtype:trojan-activity;sid:84340363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"enterscreens.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477260/; classtype:trojan-activity;sid:84340360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.jmhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477258/; classtype:trojan-activity;sid:84340358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"vbcre-76y.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477259/; classtype:trojan-activity;sid:84340359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.nmphelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477254/; classtype:trojan-activity;sid:84340354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"xmnv-ytr.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477255/; classtype:trojan-activity;sid:84340355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.dshelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477256/; classtype:trojan-activity;sid:84340356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.xohelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477257/; classtype:trojan-activity;sid:84340357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.mzihelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477246/; classtype:trojan-activity;sid:84340346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.odhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477247/; classtype:trojan-activity;sid:84340347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.axhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477248/; classtype:trojan-activity;sid:84340348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"work.tdhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477249/; classtype:trojan-activity;sid:84340349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.ivhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477250/; classtype:trojan-activity;sid:84340350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"huyew-11.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477251/; classtype:trojan-activity;sid:84340351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"nwpihelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477252/; classtype:trojan-activity;sid:84340352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"adminxyzhosting.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477253/; classtype:trojan-activity;sid:84340353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"kmscreennenene.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477244/; classtype:trojan-activity;sid:84340344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.onhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477245/; classtype:trojan-activity;sid:84340345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"ygahelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477239/; classtype:trojan-activity;sid:84340339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"novpanel.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477240/; classtype:trojan-activity;sid:84340340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"screensconnct.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477241/; classtype:trojan-activity;sid:84340341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"mr27aupan.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477242/; classtype:trojan-activity;sid:84340342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wothelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477243/; classtype:trojan-activity;sid:84340343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"mw-oiw.screensconnectpro.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477236/; classtype:trojan-activity;sid:84340336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.bxhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477237/; classtype:trojan-activity;sid:84340337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"jacksgg.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477238/; classtype:trojan-activity;sid:84340338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"awedinetwork.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477235/; classtype:trojan-activity;sid:84340335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"zaimsonly.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477234/; classtype:trojan-activity;sid:84340334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"nonopanel.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477233/; classtype:trojan-activity;sid:84340333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.qrhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477232/; classtype:trojan-activity;sid:84340332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.ishelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477230/; classtype:trojan-activity;sid:84340330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web3.jkhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477231/; classtype:trojan-activity;sid:84340331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.szhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477214/; classtype:trojan-activity;sid:84340314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web3.qrhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477215/; classtype:trojan-activity;sid:84340315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p.jbhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477216/; classtype:trojan-activity;sid:84340316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.djhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477217/; classtype:trojan-activity;sid:84340317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p.djhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477218/; classtype:trojan-activity;sid:84340318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pn3699.jadonparod.cyou"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477219/; classtype:trojan-activity;sid:84340319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"bk92auths830.loglink9.site"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477220/; classtype:trojan-activity;sid:84340320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p.qdhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477221/; classtype:trojan-activity;sid:84340321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.bnhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477222/; classtype:trojan-activity;sid:84340322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p.rxhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477223/; classtype:trojan-activity;sid:84340323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p.iqhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477224/; classtype:trojan-activity;sid:84340324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web3.obhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477225/; classtype:trojan-activity;sid:84340325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web3.bxhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477226/; classtype:trojan-activity;sid:84340326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.iqhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477227/; classtype:trojan-activity;sid:84340327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web3.ishelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477228/; classtype:trojan-activity;sid:84340328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.jihelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477229/; classtype:trojan-activity;sid:84340329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pn3699.nonapukur.cyou"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477213/; classtype:trojan-activity;sid:84340313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"web.obhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477212/; classtype:trojan-activity;sid:84340312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.omhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477211/; classtype:trojan-activity;sid:84340311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p.efhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477210/; classtype:trojan-activity;sid:84340310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.gbhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477207/; classtype:trojan-activity;sid:84340307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.qmhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477208/; classtype:trojan-activity;sid:84340308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.eihelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477209/; classtype:trojan-activity;sid:84340309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p.lahelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477188/; classtype:trojan-activity;sid:84340288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.wchelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477189/; classtype:trojan-activity;sid:84340289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.lahelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477190/; classtype:trojan-activity;sid:84340290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.sbhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477191/; classtype:trojan-activity;sid:84340291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.efhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477192/; classtype:trojan-activity;sid:84340292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.euhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477193/; classtype:trojan-activity;sid:84340293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.lhhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477194/; classtype:trojan-activity;sid:84340294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.ichelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477195/; classtype:trojan-activity;sid:84340295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p.szhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477196/; classtype:trojan-activity;sid:84340296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pn3699.polabarish.cyou"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477197/; classtype:trojan-activity;sid:84340297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.qehelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477198/; classtype:trojan-activity;sid:84340298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.jdhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477199/; classtype:trojan-activity;sid:84340299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p.omhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477200/; classtype:trojan-activity;sid:84340300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pn8954.chelokipotlester.icu"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477201/; classtype:trojan-activity;sid:84340301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pn3699.loglink9.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477202/; classtype:trojan-activity;sid:84340302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m.qdhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477203/; classtype:trojan-activity;sid:84340303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.ehhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477204/; classtype:trojan-activity;sid:84340304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p.ichelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477205/; classtype:trojan-activity;sid:84340305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.qxhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477206/; classtype:trojan-activity;sid:84340306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pn3699.fukratoli.cyou"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477184/; classtype:trojan-activity;sid:84340284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"turivor.edmaduliton.icu"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477185/; classtype:trojan-activity;sid:84340285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pn8954.chelokipotleable.icu"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477186/; classtype:trojan-activity;sid:84340286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.238.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477187/; classtype:trojan-activity;sid:84340287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477183)"; flow:established,from_client; content:"GET"; http_method; content:"/880/verysurethingsonherewithgreatthings.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"172.245.191.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477183/; classtype:trojan-activity;sid:84340283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477182)"; flow:established,from_client; content:"GET"; http_method; content:"/880/verysurethingsonherewithgreatthings.png"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"172.245.191.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477182/; classtype:trojan-activity;sid:84340282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477181)"; flow:established,from_client; content:"GET"; http_method; content:"/czydmpeonietymxkxhxpiowux253.bin"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"192.159.99.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477181/; classtype:trojan-activity;sid:84340281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477180)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/runpee.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477180/; classtype:trojan-activity;sid:84340280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477175)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/don.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477175/; classtype:trojan-activity;sid:84340275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477176)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/obfuscated%20(1).rar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477176/; classtype:trojan-activity;sid:84340276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477177)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/brainnn.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477177/; classtype:trojan-activity;sid:84340277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477178)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/email.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477178/; classtype:trojan-activity;sid:84340278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477179)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/cozzy.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477179/; classtype:trojan-activity;sid:84340279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477174)"; flow:established,from_client; content:"GET"; http_method; content:"/akuwgdriey158.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"173.249.204.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477174/; classtype:trojan-activity;sid:84340274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477173)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/believve.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477173/; classtype:trojan-activity;sid:84340273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.163.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477172/; classtype:trojan-activity;sid:84340272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477164)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.nocun.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477164/; classtype:trojan-activity;sid:84340264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477165)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/believe.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477165/; classtype:trojan-activity;sid:84340265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477166)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/brainn.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477166/; classtype:trojan-activity;sid:84340266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477167)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/money.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477167/; classtype:trojan-activity;sid:84340267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477168)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/don.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477168/; classtype:trojan-activity;sid:84340268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477169)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/moneynew.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477169/; classtype:trojan-activity;sid:84340269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.bchelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477170/; classtype:trojan-activity;sid:84340270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477171)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/believve.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477171/; classtype:trojan-activity;sid:84340271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"xohelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477163/; classtype:trojan-activity;sid:84340263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.0.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477162/; classtype:trojan-activity;sid:84340262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxcyberapex.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477161/; classtype:trojan-activity;sid:84340261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.qvhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477155/; classtype:trojan-activity;sid:84340255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.206.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477156/; classtype:trojan-activity;sid:84340256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsafenova.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477157/; classtype:trojan-activity;sid:84340257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.anphelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477158/; classtype:trojan-activity;sid:84340258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477159)"; flow:established,from_client; content:"GET"; http_method; content:"/fejwvbyvlzertf68.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"204.10.160.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477159/; classtype:trojan-activity;sid:84340259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"laphelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477160/; classtype:trojan-activity;sid:84340260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.pnbhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477153/; classtype:trojan-activity;sid:84340253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.knhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477154/; classtype:trojan-activity;sid:84340254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.fiqhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477152/; classtype:trojan-activity;sid:84340252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"nphelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477151/; classtype:trojan-activity;sid:84340251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.mcohelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477149/; classtype:trojan-activity;sid:84340249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"gcxew-33w.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477150/; classtype:trojan-activity;sid:84340250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.kxhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477146/; classtype:trojan-activity;sid:84340246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"nohelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477147/; classtype:trojan-activity;sid:84340247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"gbnace7.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477148/; classtype:trojan-activity;sid:84340248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.bqxhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477143/; classtype:trojan-activity;sid:84340243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"support.ssagovsecure.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477144/; classtype:trojan-activity;sid:84340244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.kahelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477145/; classtype:trojan-activity;sid:84340245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"voicemail-twisters.top"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477142/; classtype:trojan-activity;sid:84340242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"u9b.top"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477137/; classtype:trojan-activity;sid:84340237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.lwhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477138/; classtype:trojan-activity;sid:84340238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.cjxhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477139/; classtype:trojan-activity;sid:84340239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.rwbhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477140/; classtype:trojan-activity;sid:84340240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"stremsconnect.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477141/; classtype:trojan-activity;sid:84340241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wnhelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477136/; classtype:trojan-activity;sid:84340236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.wjhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477133/; classtype:trojan-activity;sid:84340233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"ndxs439.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477134/; classtype:trojan-activity;sid:84340234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"gzeed-33w.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477135/; classtype:trojan-activity;sid:84340235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.eqhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477129/; classtype:trojan-activity;sid:84340229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.uxhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477130/; classtype:trojan-activity;sid:84340230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.bmhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477131/; classtype:trojan-activity;sid:84340231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"orhelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477132/; classtype:trojan-activity;sid:84340232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"op-njs.screensconnectpro.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477128/; classtype:trojan-activity;sid:84340228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"slupvctorya.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477126/; classtype:trojan-activity;sid:84340226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.getsupportbr.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477127/; classtype:trojan-activity;sid:84340227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.klhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477125/; classtype:trojan-activity;sid:84340225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"os.ujhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477123/; classtype:trojan-activity;sid:84340223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wplhelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477124/; classtype:trojan-activity;sid:84340224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.eqhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477122/; classtype:trojan-activity;sid:84340222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"p.rwbhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477121/; classtype:trojan-activity;sid:84340221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.wlhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477120/; classtype:trojan-activity;sid:84340220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.wkhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477117/; classtype:trojan-activity;sid:84340217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.knhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477118/; classtype:trojan-activity;sid:84340218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.u9b.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477119/; classtype:trojan-activity;sid:84340219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fter-po5.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477114/; classtype:trojan-activity;sid:84340214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.qghelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477115/; classtype:trojan-activity;sid:84340215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.kbhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477116/; classtype:trojan-activity;sid:84340216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.ozhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477109/; classtype:trojan-activity;sid:84340209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"tgphelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477110/; classtype:trojan-activity;sid:84340210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.ivhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477111/; classtype:trojan-activity;sid:84340211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.kbhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477112/; classtype:trojan-activity;sid:84340212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.rzhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477113/; classtype:trojan-activity;sid:84340213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.kahelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477106/; classtype:trojan-activity;sid:84340206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.bchelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477107/; classtype:trojan-activity;sid:84340207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.ozhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477108/; classtype:trojan-activity;sid:84340208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"codeincconnect.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477105/; classtype:trojan-activity;sid:84340205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.wnhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477104/; classtype:trojan-activity;sid:84340204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"rjpanelplus.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477103/; classtype:trojan-activity;sid:84340203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477102)"; flow:established,from_client; content:"GET"; http_method; content:"/263ff79562167f22/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"213.209.150.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477102/; classtype:trojan-activity;sid:84340202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477101)"; flow:established,from_client; content:"GET"; http_method; content:"/msvp.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"endurancefloorferqecrace.de"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477101/; classtype:trojan-activity;sid:84340201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477100)"; flow:established,from_client; content:"GET"; http_method; content:"/2krbax.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"endurancefloorferqecrace.de"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477100/; classtype:trojan-activity;sid:84340200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477098)"; flow:established,from_client; content:"GET"; http_method; content:"/femabr.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"endurancefloorferqecrace.de"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477098/; classtype:trojan-activity;sid:84340198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477099)"; flow:established,from_client; content:"GET"; http_method; content:"/1krbax.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"endurancefloorferqecrace.de"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477099/; classtype:trojan-activity;sid:84340199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477097)"; flow:established,from_client; content:"GET"; http_method; content:"/263ff79562167f22/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"213.209.150.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477097/; classtype:trojan-activity;sid:84340197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477091)"; flow:established,from_client; content:"GET"; http_method; content:"/d308e86880289517/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"195.10.205.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477091/; classtype:trojan-activity;sid:84340191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477092)"; flow:established,from_client; content:"GET"; http_method; content:"/263ff79562167f22/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"213.209.150.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477092/; classtype:trojan-activity;sid:84340192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477093)"; flow:established,from_client; content:"GET"; http_method; content:"/263ff79562167f22/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"213.209.150.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477093/; classtype:trojan-activity;sid:84340193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477094)"; flow:established,from_client; content:"GET"; http_method; content:"/263ff79562167f22/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.150.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477094/; classtype:trojan-activity;sid:84340194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477095)"; flow:established,from_client; content:"GET"; http_method; content:"/263ff79562167f22/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.150.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477095/; classtype:trojan-activity;sid:84340195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477096)"; flow:established,from_client; content:"GET"; http_method; content:"/263ff79562167f22/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"213.209.150.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477096/; classtype:trojan-activity;sid:84340196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477088)"; flow:established,from_client; content:"GET"; http_method; content:"/d308e86880289517/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"195.10.205.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477088/; classtype:trojan-activity;sid:84340188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477089)"; flow:established,from_client; content:"GET"; http_method; content:"/d308e86880289517/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"195.10.205.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477089/; classtype:trojan-activity;sid:84340189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477090)"; flow:established,from_client; content:"GET"; http_method; content:"/d308e86880289517/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"195.10.205.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477090/; classtype:trojan-activity;sid:84340190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477084)"; flow:established,from_client; content:"GET"; http_method; content:"/data/soft.php/|3f|adguardpremiump0"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"kjerghjjl43klrejkferhgk.top"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477084/; classtype:trojan-activity;sid:84340184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477085)"; flow:established,from_client; content:"GET"; http_method; content:"/d308e86880289517/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"195.10.205.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477085/; classtype:trojan-activity;sid:84340185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477086)"; flow:established,from_client; content:"GET"; http_method; content:"/d308e86880289517/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"195.10.205.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477086/; classtype:trojan-activity;sid:84340186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477087)"; flow:established,from_client; content:"GET"; http_method; content:"/d308e86880289517/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"195.10.205.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477087/; classtype:trojan-activity;sid:84340187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.107.15.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477083/; classtype:trojan-activity;sid:84340183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.41.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477082/; classtype:trojan-activity;sid:84340182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.148.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477081/; classtype:trojan-activity;sid:84340181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477080)"; flow:established,from_client; content:"GET"; http_method; content:"/mys0qhs5nu.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477080/; classtype:trojan-activity;sid:84340180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.70.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477079/; classtype:trojan-activity;sid:84340179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.238.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477078/; classtype:trojan-activity;sid:84340178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.83.119.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477077/; classtype:trojan-activity;sid:84340177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.104.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477076/; classtype:trojan-activity;sid:84340176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.9.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477075/; classtype:trojan-activity;sid:84340175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.165.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477074/; classtype:trojan-activity;sid:84340174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.132.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477073/; classtype:trojan-activity;sid:84340173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.162.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477072/; classtype:trojan-activity;sid:84340172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.15.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477071/; classtype:trojan-activity;sid:84340171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.90.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477070/; classtype:trojan-activity;sid:84340170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.70.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477069/; classtype:trojan-activity;sid:84340169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.9.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477068/; classtype:trojan-activity;sid:84340168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.245.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477067/; classtype:trojan-activity;sid:84340167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.242.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477066/; classtype:trojan-activity;sid:84340166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477064/; classtype:trojan-activity;sid:84340164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477065/; classtype:trojan-activity;sid:84340165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.166.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477063/; classtype:trojan-activity;sid:84340163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477062/; classtype:trojan-activity;sid:84340162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.81.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477061/; classtype:trojan-activity;sid:84340161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.168.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477060/; classtype:trojan-activity;sid:84340160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.167.175.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477059/; classtype:trojan-activity;sid:84340159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.123.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477058/; classtype:trojan-activity;sid:84340158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.190.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477057/; classtype:trojan-activity;sid:84340157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.250.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477056/; classtype:trojan-activity;sid:84340156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.249.37.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477055/; classtype:trojan-activity;sid:84340155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.24.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477054/; classtype:trojan-activity;sid:84340154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.7.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477053/; classtype:trojan-activity;sid:84340153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.181.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477052/; classtype:trojan-activity;sid:84340152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.245.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477051/; classtype:trojan-activity;sid:84340151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.2.101"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477050/; classtype:trojan-activity;sid:84340150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.75.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477049/; classtype:trojan-activity;sid:84340149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.190.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477048/; classtype:trojan-activity;sid:84340148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.216.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477047/; classtype:trojan-activity;sid:84340147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.94.176.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477046/; classtype:trojan-activity;sid:84340146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.22.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477045/; classtype:trojan-activity;sid:84340145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477044)"; flow:established,from_client; content:"GET"; http_method; content:"/kkt033wm5b.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477044/; classtype:trojan-activity;sid:84340144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.91.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477043/; classtype:trojan-activity;sid:84340143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.24.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477042/; classtype:trojan-activity;sid:84340142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.7.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477041/; classtype:trojan-activity;sid:84340141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.4.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477040/; classtype:trojan-activity;sid:84340140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.144.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477039/; classtype:trojan-activity;sid:84340139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.175.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477038/; classtype:trojan-activity;sid:84340138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.63.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477035/; classtype:trojan-activity;sid:84340135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.91.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477036/; classtype:trojan-activity;sid:84340136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.233.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477037/; classtype:trojan-activity;sid:84340137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.176.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477034/; classtype:trojan-activity;sid:84340134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.252.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477033/; classtype:trojan-activity;sid:84340133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.175.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477032/; classtype:trojan-activity;sid:84340132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.212.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477031/; classtype:trojan-activity;sid:84340131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.215.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477030/; classtype:trojan-activity;sid:84340130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477029/; classtype:trojan-activity;sid:84340129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.20.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477028/; classtype:trojan-activity;sid:84340128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477027/; classtype:trojan-activity;sid:84340127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.176.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477026/; classtype:trojan-activity;sid:84340126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477025/; classtype:trojan-activity;sid:84340125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.184.16.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477024/; classtype:trojan-activity;sid:84340124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.233.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477023/; classtype:trojan-activity;sid:84340123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.144.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477022/; classtype:trojan-activity;sid:84340122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.243.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477021/; classtype:trojan-activity;sid:84340121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.22.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477020/; classtype:trojan-activity;sid:84340120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.16.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477019/; classtype:trojan-activity;sid:84340119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.179.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477018/; classtype:trojan-activity;sid:84340118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.176.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477017/; classtype:trojan-activity;sid:84340117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.215.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477016/; classtype:trojan-activity;sid:84340116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.20.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477014/; classtype:trojan-activity;sid:84340114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.212.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477015/; classtype:trojan-activity;sid:84340115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477013)"; flow:established,from_client; content:"GET"; http_method; content:"/1jqg0h8m0l.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477013/; classtype:trojan-activity;sid:84340113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.169.165.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477012/; classtype:trojan-activity;sid:84340112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477011/; classtype:trojan-activity;sid:84340111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.28.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477010/; classtype:trojan-activity;sid:84340110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.83.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477009/; classtype:trojan-activity;sid:84340109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477008)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.87.114.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477008/; classtype:trojan-activity;sid:84340108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477007/; classtype:trojan-activity;sid:84340107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.149.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477006/; classtype:trojan-activity;sid:84340106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.53.54.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477005/; classtype:trojan-activity;sid:84340105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.28.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477004/; classtype:trojan-activity;sid:84340104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477003/; classtype:trojan-activity;sid:84340103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477001)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.37.123.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477001/; classtype:trojan-activity;sid:84340101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477002)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.37.123.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477002/; classtype:trojan-activity;sid:84340102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.169.165.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477000/; classtype:trojan-activity;sid:84340100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.227.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476999/; classtype:trojan-activity;sid:84340099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.176.223.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476998/; classtype:trojan-activity;sid:84340098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.154.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476997/; classtype:trojan-activity;sid:84340097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476996)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.60.226.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476996/; classtype:trojan-activity;sid:84340096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.12.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476995/; classtype:trojan-activity;sid:84340095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.110.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476994/; classtype:trojan-activity;sid:84340094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.154.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476992/; classtype:trojan-activity;sid:84340092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476993/; classtype:trojan-activity;sid:84340093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476991/; classtype:trojan-activity;sid:84340091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.227.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476990/; classtype:trojan-activity;sid:84340090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.236.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476989/; classtype:trojan-activity;sid:84340089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476988)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.sh4"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"23.157.176.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476988/; classtype:trojan-activity;sid:84340088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476981)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.mips"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"23.157.176.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476981/; classtype:trojan-activity;sid:84340081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476982)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.spc"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"23.157.176.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476982/; classtype:trojan-activity;sid:84340082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476983)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.x86_64"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"23.157.176.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476983/; classtype:trojan-activity;sid:84340083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476984)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.m68k"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"23.157.176.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476984/; classtype:trojan-activity;sid:84340084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476985)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.ppc"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"23.157.176.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476985/; classtype:trojan-activity;sid:84340085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476986)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.arm6"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"23.157.176.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476986/; classtype:trojan-activity;sid:84340086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476987)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.arm7"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"23.157.176.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476987/; classtype:trojan-activity;sid:84340087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476975)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.arc"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"23.157.176.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476975/; classtype:trojan-activity;sid:84340075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476976)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.arm"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"23.157.176.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476976/; classtype:trojan-activity;sid:84340076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476977)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.arm5"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"23.157.176.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476977/; classtype:trojan-activity;sid:84340077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476978)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.mpsl"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"23.157.176.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476978/; classtype:trojan-activity;sid:84340078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476979)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.i686"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"23.157.176.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476979/; classtype:trojan-activity;sid:84340079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476980)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.i486"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"23.157.176.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476980/; classtype:trojan-activity;sid:84340080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476974)"; flow:established,from_client; content:"GET"; http_method; content:"/kkvettgaaasecnnaaaa/kkvettgaaasecnnaaaa.x86"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"23.157.176.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476974/; classtype:trojan-activity;sid:84340074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476973)"; flow:established,from_client; content:"GET"; http_method; content:"/ohsitsvegawellrip.sh"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"23.157.176.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476973/; classtype:trojan-activity;sid:84340073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476972)"; flow:established,from_client; content:"GET"; http_method; content:"/cache"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.157.176.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476972/; classtype:trojan-activity;sid:84340072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476971)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"servicesssl.linkpc.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476971/; classtype:trojan-activity;sid:84340071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476961)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"servicesssl.linkpc.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476961/; classtype:trojan-activity;sid:84340061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476962)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"servicesssl.linkpc.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476962/; classtype:trojan-activity;sid:84340062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476963)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"servicesssl.linkpc.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476963/; classtype:trojan-activity;sid:84340063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476964)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"servicesssl.linkpc.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476964/; classtype:trojan-activity;sid:84340064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476965)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"servicesssl.linkpc.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476965/; classtype:trojan-activity;sid:84340065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476966)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"servicesssl.linkpc.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476966/; classtype:trojan-activity;sid:84340066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476967)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"servicesssl.linkpc.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476967/; classtype:trojan-activity;sid:84340067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476968)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"servicesssl.linkpc.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476968/; classtype:trojan-activity;sid:84340068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476969)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"servicesssl.linkpc.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476969/; classtype:trojan-activity;sid:84340069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476970)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"servicesssl.linkpc.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476970/; classtype:trojan-activity;sid:84340070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476950)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"38.54.88.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476950/; classtype:trojan-activity;sid:84340050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476951)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"38.54.88.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476951/; classtype:trojan-activity;sid:84340051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476952)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"38.54.88.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476952/; classtype:trojan-activity;sid:84340052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476953)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"38.54.88.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476953/; classtype:trojan-activity;sid:84340053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476954)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.54.88.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476954/; classtype:trojan-activity;sid:84340054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476955)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.54.88.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476955/; classtype:trojan-activity;sid:84340055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476956)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.54.88.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476956/; classtype:trojan-activity;sid:84340056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476957)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.54.88.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476957/; classtype:trojan-activity;sid:84340057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476958)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.54.88.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476958/; classtype:trojan-activity;sid:84340058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476959)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.54.88.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476959/; classtype:trojan-activity;sid:84340059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476960)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"38.54.88.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476960/; classtype:trojan-activity;sid:84340060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.110.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476949/; classtype:trojan-activity;sid:84340049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476948)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"147.182.171.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476948/; classtype:trojan-activity;sid:84340048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476938)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.182.171.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476938/; classtype:trojan-activity;sid:84340038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476939)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"147.182.171.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476939/; classtype:trojan-activity;sid:84340039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476940)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.182.171.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476940/; classtype:trojan-activity;sid:84340040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476941)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.182.171.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476941/; classtype:trojan-activity;sid:84340041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476942)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.182.171.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476942/; classtype:trojan-activity;sid:84340042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476943)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.182.171.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476943/; classtype:trojan-activity;sid:84340043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476944)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"147.182.171.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476944/; classtype:trojan-activity;sid:84340044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476945)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"147.182.171.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476945/; classtype:trojan-activity;sid:84340045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476946)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.182.171.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476946/; classtype:trojan-activity;sid:84340046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476947)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"147.182.171.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476947/; classtype:trojan-activity;sid:84340047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476937)"; flow:established,from_client; content:"GET"; http_method; content:"/x5gdvjahjr.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476937/; classtype:trojan-activity;sid:84340037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.176.223.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476936/; classtype:trojan-activity;sid:84340036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.12.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476935/; classtype:trojan-activity;sid:84340035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.123.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476934/; classtype:trojan-activity;sid:84340034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.236.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476933/; classtype:trojan-activity;sid:84340033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.0.194"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476932/; classtype:trojan-activity;sid:84340032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476931/; classtype:trojan-activity;sid:84340031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.235.181.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476930/; classtype:trojan-activity;sid:84340030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476929)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.qalyj.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476929/; classtype:trojan-activity;sid:84340029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.235.181.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476928/; classtype:trojan-activity;sid:84340028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.30.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476927/; classtype:trojan-activity;sid:84340027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.205.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476926/; classtype:trojan-activity;sid:84340026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.155.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476925/; classtype:trojan-activity;sid:84340025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.35.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476923/; classtype:trojan-activity;sid:84340023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476924/; classtype:trojan-activity;sid:84340024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.45.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476922/; classtype:trojan-activity;sid:84340022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.253.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476919/; classtype:trojan-activity;sid:84340019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.189.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476920/; classtype:trojan-activity;sid:84340020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.192.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476921/; classtype:trojan-activity;sid:84340021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476911)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/windows.bat"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"62.133.61.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476911/; classtype:trojan-activity;sid:84340011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476912)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/readme.url"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"62.133.61.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476912/; classtype:trojan-activity;sid:84340012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476913)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/xwxw.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"62.133.61.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476913/; classtype:trojan-activity;sid:84340013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476914)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/demo.bat"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"62.133.61.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476914/; classtype:trojan-activity;sid:84340014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476915)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/filexx.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"62.133.61.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476915/; classtype:trojan-activity;sid:84340015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476916)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/file.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"62.133.61.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476916/; classtype:trojan-activity;sid:84340016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476917)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/xx/xx.mp4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"62.133.61.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476917/; classtype:trojan-activity;sid:84340017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476918)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/error.mp4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"62.133.61.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476918/; classtype:trojan-activity;sid:84340018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.194.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476910/; classtype:trojan-activity;sid:84340010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476909)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/passwords.url"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"62.133.61.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476909/; classtype:trojan-activity;sid:84340009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.123.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476908/; classtype:trojan-activity;sid:84340008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.230.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476907/; classtype:trojan-activity;sid:84340007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.54.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476906/; classtype:trojan-activity;sid:84340006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.43.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476905/; classtype:trojan-activity;sid:84340005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476904/; classtype:trojan-activity;sid:84340004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476903)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.tudim.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476903/; classtype:trojan-activity;sid:84340003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476899)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botz.packetware.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476899/; classtype:trojan-activity;sid:84339999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476900)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"botz.packetware.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476900/; classtype:trojan-activity;sid:84340000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476901)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"botz.packetware.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476901/; classtype:trojan-activity;sid:84340001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.73.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476902/; classtype:trojan-activity;sid:84340002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476897)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.arm4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"botz.packetware.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476897/; classtype:trojan-activity;sid:84339997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476898)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"botz.packetware.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476898/; classtype:trojan-activity;sid:84339998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476895)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.arm4t"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"botz.packetware.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476895/; classtype:trojan-activity;sid:84339995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476896)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botz.packetware.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476896/; classtype:trojan-activity;sid:84339996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476891)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botz.packetware.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476891/; classtype:trojan-activity;sid:84339991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476892)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botz.packetware.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476892/; classtype:trojan-activity;sid:84339992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476893)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"botz.packetware.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476893/; classtype:trojan-activity;sid:84339993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476894)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.m68"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botz.packetware.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476894/; classtype:trojan-activity;sid:84339994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476890)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"botz.packetware.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476890/; classtype:trojan-activity;sid:84339990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476889)"; flow:established,from_client; content:"GET"; http_method; content:"/gigab.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"botz.packetware.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476889/; classtype:trojan-activity;sid:84339989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476885)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"23.146.184.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476885/; classtype:trojan-activity;sid:84339985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476886)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"23.146.184.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476886/; classtype:trojan-activity;sid:84339986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476887)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"23.146.184.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476887/; classtype:trojan-activity;sid:84339987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476888)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"23.146.184.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476888/; classtype:trojan-activity;sid:84339988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476884)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"23.146.184.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476884/; classtype:trojan-activity;sid:84339984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476877)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"23.146.184.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476877/; classtype:trojan-activity;sid:84339977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476878)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"23.146.184.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476878/; classtype:trojan-activity;sid:84339978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476879)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"23.146.184.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476879/; classtype:trojan-activity;sid:84339979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476880)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"23.146.184.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476880/; classtype:trojan-activity;sid:84339980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476881)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"23.146.184.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476881/; classtype:trojan-activity;sid:84339981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476882)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"23.146.184.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476882/; classtype:trojan-activity;sid:84339982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476883)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"23.146.184.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476883/; classtype:trojan-activity;sid:84339983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.180.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476876/; classtype:trojan-activity;sid:84339976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.1.169"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476875/; classtype:trojan-activity;sid:84339975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.54.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476874/; classtype:trojan-activity;sid:84339974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.226.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476872/; classtype:trojan-activity;sid:84339972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.35.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476873/; classtype:trojan-activity;sid:84339973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476871)"; flow:established,from_client; content:"GET"; http_method; content:"/ofq3fxxszl.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476871/; classtype:trojan-activity;sid:84339971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.230.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476870/; classtype:trojan-activity;sid:84339970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.43.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476869/; classtype:trojan-activity;sid:84339969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.164.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476868/; classtype:trojan-activity;sid:84339968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476866)"; flow:established,from_client; content:"GET"; http_method; content:"/pods.hta"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"malawi-light-pill-bolt.trycloudflare.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476866/; classtype:trojan-activity;sid:84339966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476867)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.geguk.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476867/; classtype:trojan-activity;sid:84339967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476865)"; flow:established,from_client; content:"GET"; http_method; content:"/news.msi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"malawi-light-pill-bolt.trycloudflare.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476865/; classtype:trojan-activity;sid:84339965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476864)"; flow:established,from_client; content:"GET"; http_method; content:"/new.msi"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"malawi-light-pill-bolt.trycloudflare.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476864/; classtype:trojan-activity;sid:84339964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476861)"; flow:established,from_client; content:"GET"; http_method; content:"/new%20-%20copy.bat"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"malawi-light-pill-bolt.trycloudflare.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476861/; classtype:trojan-activity;sid:84339961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476862)"; flow:established,from_client; content:"GET"; http_method; content:"/new.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"malawi-light-pill-bolt.trycloudflare.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476862/; classtype:trojan-activity;sid:84339962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476863)"; flow:established,from_client; content:"GET"; http_method; content:"/zoom.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"malawi-light-pill-bolt.trycloudflare.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476863/; classtype:trojan-activity;sid:84339963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476858)"; flow:established,from_client; content:"GET"; http_method; content:"/d901z6ya/sepa_%c3%9cberweisungsschein_eft0314205.lnk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"malawi-light-pill-bolt.trycloudflare.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476858/; classtype:trojan-activity;sid:84339958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476859)"; flow:established,from_client; content:"GET"; http_method; content:"/ford.hta"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"malawi-light-pill-bolt.trycloudflare.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476859/; classtype:trojan-activity;sid:84339959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476860)"; flow:established,from_client; content:"GET"; http_method; content:"/srokage/statement%20invoice%20241150-10233.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"malawi-light-pill-bolt.trycloudflare.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476860/; classtype:trojan-activity;sid:84339960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476857)"; flow:established,from_client; content:"GET"; http_method; content:"/p018zdp/rechnung%20no.31150-1083-0086.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"malawi-light-pill-bolt.trycloudflare.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476857/; classtype:trojan-activity;sid:84339957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476856)"; flow:established,from_client; content:"GET"; http_method; content:"/dei.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"malawi-light-pill-bolt.trycloudflare.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476856/; classtype:trojan-activity;sid:84339956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.194.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476855/; classtype:trojan-activity;sid:84339955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476850)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476850/; classtype:trojan-activity;sid:84339950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476851)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476851/; classtype:trojan-activity;sid:84339951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476852)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476852/; classtype:trojan-activity;sid:84339952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476853)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476853/; classtype:trojan-activity;sid:84339953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476854)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476854/; classtype:trojan-activity;sid:84339954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476844)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476844/; classtype:trojan-activity;sid:84339944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476845)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476845/; classtype:trojan-activity;sid:84339945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476846)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476846/; classtype:trojan-activity;sid:84339946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476847)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476847/; classtype:trojan-activity;sid:84339947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476848)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476848/; classtype:trojan-activity;sid:84339948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476849)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476849/; classtype:trojan-activity;sid:84339949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.177.100.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476843/; classtype:trojan-activity;sid:84339943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.180.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476842/; classtype:trojan-activity;sid:84339942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476841/; classtype:trojan-activity;sid:84339941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.255.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476840/; classtype:trojan-activity;sid:84339940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.184.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476839/; classtype:trojan-activity;sid:84339939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.91.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476838/; classtype:trojan-activity;sid:84339938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.226.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476837/; classtype:trojan-activity;sid:84339937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476836/; classtype:trojan-activity;sid:84339936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.149.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476835/; classtype:trojan-activity;sid:84339935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.28.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476834/; classtype:trojan-activity;sid:84339934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.241.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476833/; classtype:trojan-activity;sid:84339933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.98.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476832/; classtype:trojan-activity;sid:84339932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.103.69.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476831/; classtype:trojan-activity;sid:84339931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476830)"; flow:established,from_client; content:"GET"; http_method; content:"/jeanlucasgomes/universal-hwid-spoofer/releases/download/seedlet/universal-hwid-spoofer-seedlet.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476830/; classtype:trojan-activity;sid:84339930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476829)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"riverside.zone"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476829/; classtype:trojan-activity;sid:84339929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476822)"; flow:established,from_client; content:"GET"; http_method; content:"/toxicaynone/hwid-spoofer-and-cleaner-2024/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476822/; classtype:trojan-activity;sid:84339922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476823)"; flow:established,from_client; content:"GET"; http_method; content:"/calixo223/monotone-hwid-spoofer/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476823/; classtype:trojan-activity;sid:84339923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476824)"; flow:established,from_client; content:"GET"; http_method; content:"/shaun431/fortnitespoofer/releases/download/v1.8.5/fortnitespoofer_v1.8.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476824/; classtype:trojan-activity;sid:84339924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476825)"; flow:established,from_client; content:"GET"; http_method; content:"/1tthens1/pmi/raw/refs/heads/main/devm25.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476825/; classtype:trojan-activity;sid:84339925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476826)"; flow:established,from_client; content:"GET"; http_method; content:"/nonsking2215/universal-hwid-spoofer/releases/download/2.4.3/universal-hwid-spoofer-2.4.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476826/; classtype:trojan-activity;sid:84339926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476827)"; flow:established,from_client; content:"GET"; http_method; content:"/brandonmunguia/fortnitespoofer/releases/download/tarnishment/fortnitespoofer_tarnishment.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476827/; classtype:trojan-activity;sid:84339927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476828)"; flow:established,from_client; content:"GET"; http_method; content:"/williambradev/fortnitespoofer/releases/download/3.9.0-alpha.1/fortnitespoofer_3.9.0-alpha.1.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476828/; classtype:trojan-activity;sid:84339928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476821)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/muduueln"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476821/; classtype:trojan-activity;sid:84339921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.73.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476820/; classtype:trojan-activity;sid:84339920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.217.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476819/; classtype:trojan-activity;sid:84339919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.184.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476818/; classtype:trojan-activity;sid:84339918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476817)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.momas.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476817/; classtype:trojan-activity;sid:84339917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.88.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476816/; classtype:trojan-activity;sid:84339916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476815/; classtype:trojan-activity;sid:84339915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.255.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476814/; classtype:trojan-activity;sid:84339914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.43.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476813/; classtype:trojan-activity;sid:84339913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.149.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476812/; classtype:trojan-activity;sid:84339912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.66.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476810/; classtype:trojan-activity;sid:84339910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476811/; classtype:trojan-activity;sid:84339911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.28.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476809/; classtype:trojan-activity;sid:84339909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.240.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476808/; classtype:trojan-activity;sid:84339908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476807)"; flow:established,from_client; content:"GET"; http_method; content:"/thbwk4q5yb.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476807/; classtype:trojan-activity;sid:84339907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.96.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476806/; classtype:trojan-activity;sid:84339906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.185.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476805/; classtype:trojan-activity;sid:84339905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.82.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476804/; classtype:trojan-activity;sid:84339904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476803/; classtype:trojan-activity;sid:84339903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.60.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476802/; classtype:trojan-activity;sid:84339902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.108.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476801/; classtype:trojan-activity;sid:84339901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.252.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476800/; classtype:trojan-activity;sid:84339900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.35.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476799/; classtype:trojan-activity;sid:84339899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.30.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476797/; classtype:trojan-activity;sid:84339897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.221.240.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476798/; classtype:trojan-activity;sid:84339898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.217.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476795/; classtype:trojan-activity;sid:84339895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476796/; classtype:trojan-activity;sid:84339896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.240.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476794/; classtype:trojan-activity;sid:84339894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.66.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476793/; classtype:trojan-activity;sid:84339893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.35.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476792/; classtype:trojan-activity;sid:84339892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.217.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476791/; classtype:trojan-activity;sid:84339891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.35.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476790/; classtype:trojan-activity;sid:84339890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.43.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476789/; classtype:trojan-activity;sid:84339889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.82.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476788/; classtype:trojan-activity;sid:84339888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.112.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476787/; classtype:trojan-activity;sid:84339887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.207.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476786/; classtype:trojan-activity;sid:84339886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.112.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476784/; classtype:trojan-activity;sid:84339884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.60.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476785/; classtype:trojan-activity;sid:84339885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.249.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476783/; classtype:trojan-activity;sid:84339883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.221.240.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476782/; classtype:trojan-activity;sid:84339882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.255.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476781/; classtype:trojan-activity;sid:84339881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.183.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476780/; classtype:trojan-activity;sid:84339880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.217.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476779/; classtype:trojan-activity;sid:84339879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.112.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476778/; classtype:trojan-activity;sid:84339878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.210.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476777/; classtype:trojan-activity;sid:84339877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.183.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476776/; classtype:trojan-activity;sid:84339876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.249.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476775/; classtype:trojan-activity;sid:84339875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.213.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476774/; classtype:trojan-activity;sid:84339874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476773)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4uzt.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476773/; classtype:trojan-activity;sid:84339873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476772)"; flow:established,from_client; content:"GET"; http_method; content:"/xhdjzs.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476772/; classtype:trojan-activity;sid:84339872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476771)"; flow:established,from_client; content:"GET"; http_method; content:"/g6mac3.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476771/; classtype:trojan-activity;sid:84339871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476770)"; flow:established,from_client; content:"GET"; http_method; content:"/o5w3yq.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476770/; classtype:trojan-activity;sid:84339870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476769)"; flow:established,from_client; content:"GET"; http_method; content:"/gt2njt.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476769/; classtype:trojan-activity;sid:84339869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476768)"; flow:established,from_client; content:"GET"; http_method; content:"/j697j3.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476768/; classtype:trojan-activity;sid:84339868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.67.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476767/; classtype:trojan-activity;sid:84339867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476756)"; flow:established,from_client; content:"GET"; http_method; content:"/iv0urkl2e3.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476756/; classtype:trojan-activity;sid:84339856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476757)"; flow:established,from_client; content:"GET"; http_method; content:"/seaofthieves.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"41.216.183.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476757/; classtype:trojan-activity;sid:84339857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476758)"; flow:established,from_client; content:"GET"; http_method; content:"/cs2.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"41.216.183.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476758/; classtype:trojan-activity;sid:84339858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476759)"; flow:established,from_client; content:"GET"; http_method; content:"/apex.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"41.216.183.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476759/; classtype:trojan-activity;sid:84339859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476760)"; flow:established,from_client; content:"GET"; http_method; content:"/rust.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"41.216.183.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476760/; classtype:trojan-activity;sid:84339860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476761)"; flow:established,from_client; content:"GET"; http_method; content:"/warthunder.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"41.216.183.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476761/; classtype:trojan-activity;sid:84339861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476762)"; flow:established,from_client; content:"GET"; http_method; content:"/warzone.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"41.216.183.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476762/; classtype:trojan-activity;sid:84339862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476763)"; flow:established,from_client; content:"GET"; http_method; content:"/fortnite.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"41.216.183.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476763/; classtype:trojan-activity;sid:84339863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476764)"; flow:established,from_client; content:"GET"; http_method; content:"/rdr2.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"41.216.183.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476764/; classtype:trojan-activity;sid:84339864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476765)"; flow:established,from_client; content:"GET"; http_method; content:"/gta.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"41.216.183.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476765/; classtype:trojan-activity;sid:84339865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476766)"; flow:established,from_client; content:"GET"; http_method; content:"/overwatch2.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"41.216.183.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476766/; classtype:trojan-activity;sid:84339866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476755)"; flow:established,from_client; content:"GET"; http_method; content:"/myprincessakira/jarvas/blob/main/videos_redirect.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476755/; classtype:trojan-activity;sid:84339855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476754/; classtype:trojan-activity;sid:84339854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476753)"; flow:established,from_client; content:"GET"; http_method; content:"/myprincessakira/jarvas/zip/refs/heads/main"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476753/; classtype:trojan-activity;sid:84339853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476751)"; flow:established,from_client; content:"GET"; http_method; content:"/myprincessakira/jarvas/blob/main/gorm.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476751/; classtype:trojan-activity;sid:84339851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476752)"; flow:established,from_client; content:"GET"; http_method; content:"/myprincessakira/jarvas/blob/main/cqqjbi.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476752/; classtype:trojan-activity;sid:84339852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.252.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476750/; classtype:trojan-activity;sid:84339850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476749/; classtype:trojan-activity;sid:84339849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.83.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476748/; classtype:trojan-activity;sid:84339848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.206.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476747/; classtype:trojan-activity;sid:84339847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.67.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476746/; classtype:trojan-activity;sid:84339846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.31.180.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476745/; classtype:trojan-activity;sid:84339845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.174.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476744/; classtype:trojan-activity;sid:84339844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.64.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476743/; classtype:trojan-activity;sid:84339843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476742/; classtype:trojan-activity;sid:84339842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.62.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476741/; classtype:trojan-activity;sid:84339841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476740/; classtype:trojan-activity;sid:84339840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.178.51.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476739/; classtype:trojan-activity;sid:84339839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.67.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476737/; classtype:trojan-activity;sid:84339837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.196.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476738/; classtype:trojan-activity;sid:84339838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476731/; classtype:trojan-activity;sid:84339831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476732/; classtype:trojan-activity;sid:84339832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476733/; classtype:trojan-activity;sid:84339833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.139.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476734/; classtype:trojan-activity;sid:84339834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.139.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476735/; classtype:trojan-activity;sid:84339835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.55.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476736/; classtype:trojan-activity;sid:84339836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.199.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476730/; classtype:trojan-activity;sid:84339830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476729/; classtype:trojan-activity;sid:84339829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.215.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476727/; classtype:trojan-activity;sid:84339827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.23.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476728/; classtype:trojan-activity;sid:84339828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476726/; classtype:trojan-activity;sid:84339826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476723/; classtype:trojan-activity;sid:84339823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.22.160.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476724/; classtype:trojan-activity;sid:84339824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.93.93.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476725/; classtype:trojan-activity;sid:84339825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.64.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476722/; classtype:trojan-activity;sid:84339822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.37.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476721/; classtype:trojan-activity;sid:84339821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.83.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476720/; classtype:trojan-activity;sid:84339820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.134.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476719/; classtype:trojan-activity;sid:84339819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.95.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476718/; classtype:trojan-activity;sid:84339818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.117.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476717/; classtype:trojan-activity;sid:84339817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.174.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476716/; classtype:trojan-activity;sid:84339816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.62.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476715/; classtype:trojan-activity;sid:84339815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.14.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476714/; classtype:trojan-activity;sid:84339814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.82.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476713/; classtype:trojan-activity;sid:84339813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.180.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476712/; classtype:trojan-activity;sid:84339812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.51.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476711/; classtype:trojan-activity;sid:84339811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.150.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476710/; classtype:trojan-activity;sid:84339810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.152.146.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476709/; classtype:trojan-activity;sid:84339809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.153.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476708/; classtype:trojan-activity;sid:84339808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.134.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476707/; classtype:trojan-activity;sid:84339807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476706/; classtype:trojan-activity;sid:84339806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.30.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476705/; classtype:trojan-activity;sid:84339805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476704)"; flow:established,from_client; content:"GET"; http_method; content:"/download/installer.msi"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"anchorupdate.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476704/; classtype:trojan-activity;sid:84339804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476703)"; flow:established,from_client; content:"GET"; http_method; content:"/flkulqgpus.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476703/; classtype:trojan-activity;sid:84339803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476702)"; flow:established,from_client; content:"GET"; http_method; content:"/a2b9746c-2ab5-4106-a1a6-cebc1ad2f147/datablob.txt"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"usaaeastnode.azureedge.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476702/; classtype:trojan-activity;sid:84339802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.179.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476701/; classtype:trojan-activity;sid:84339801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.29.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476700/; classtype:trojan-activity;sid:84339800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.112.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476699/; classtype:trojan-activity;sid:84339799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.67.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476698/; classtype:trojan-activity;sid:84339798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.150.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476697/; classtype:trojan-activity;sid:84339797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.208.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476696/; classtype:trojan-activity;sid:84339796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.88.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476695/; classtype:trojan-activity;sid:84339795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.136.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476694/; classtype:trojan-activity;sid:84339794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.29.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476693/; classtype:trojan-activity;sid:84339793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.153.76.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476691/; classtype:trojan-activity;sid:84339791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.47.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476692/; classtype:trojan-activity;sid:84339792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.112.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476690/; classtype:trojan-activity;sid:84339790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.223.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476689/; classtype:trojan-activity;sid:84339789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.184.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476688/; classtype:trojan-activity;sid:84339788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.114.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476687/; classtype:trojan-activity;sid:84339787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.14.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476686/; classtype:trojan-activity;sid:84339786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.119.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476685/; classtype:trojan-activity;sid:84339785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476684/; classtype:trojan-activity;sid:84339784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.169.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476683/; classtype:trojan-activity;sid:84339783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.88.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476682/; classtype:trojan-activity;sid:84339782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.114.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476681/; classtype:trojan-activity;sid:84339781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.165.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476680/; classtype:trojan-activity;sid:84339780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.23.140"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476679/; classtype:trojan-activity;sid:84339779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476678/; classtype:trojan-activity;sid:84339778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.57.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476677/; classtype:trojan-activity;sid:84339777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.63.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476675/; classtype:trojan-activity;sid:84339775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.114.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476676/; classtype:trojan-activity;sid:84339776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476674)"; flow:established,from_client; content:"GET"; http_method; content:"/2z0eaeksb4.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476674/; classtype:trojan-activity;sid:84339774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.50.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476673/; classtype:trojan-activity;sid:84339773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.108.109.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476671/; classtype:trojan-activity;sid:84339771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.21.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476672/; classtype:trojan-activity;sid:84339772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.152.146.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476670/; classtype:trojan-activity;sid:84339770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.17.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476668/; classtype:trojan-activity;sid:84339768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.223.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476669/; classtype:trojan-activity;sid:84339769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.21.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476666/; classtype:trojan-activity;sid:84339766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.176.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476667/; classtype:trojan-activity;sid:84339767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476665/; classtype:trojan-activity;sid:84339765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.108.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476663/; classtype:trojan-activity;sid:84339763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.128.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476664/; classtype:trojan-activity;sid:84339764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.38.3.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476659/; classtype:trojan-activity;sid:84339759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.146.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476660/; classtype:trojan-activity;sid:84339760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.176.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476661/; classtype:trojan-activity;sid:84339761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.117.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476662/; classtype:trojan-activity;sid:84339762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476658/; classtype:trojan-activity;sid:84339758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.246.71.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476657/; classtype:trojan-activity;sid:84339757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.201.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476656/; classtype:trojan-activity;sid:84339756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.124.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476655/; classtype:trojan-activity;sid:84339755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.juhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476654/; classtype:trojan-activity;sid:84339754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.73.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476653/; classtype:trojan-activity;sid:84339753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.qmhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476652/; classtype:trojan-activity;sid:84339752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"uhmd-rw2.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476649/; classtype:trojan-activity;sid:84339749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.rwhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476650/; classtype:trojan-activity;sid:84339750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.ichelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476651/; classtype:trojan-activity;sid:84339751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"p.efhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476646/; classtype:trojan-activity;sid:84339746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"p.djhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476647/; classtype:trojan-activity;sid:84339747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.qehelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476648/; classtype:trojan-activity;sid:84339748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476645)"; flow:established,from_client; content:"GET"; http_method; content:"/pp4dkhy4jf.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476645/; classtype:trojan-activity;sid:84339745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476644)"; flow:established,from_client; content:"GET"; http_method; content:"/files/kabby/trano.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476644/; classtype:trojan-activity;sid:84339744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476643)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6142491850/s7mg2vl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476643/; classtype:trojan-activity;sid:84339743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476639)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sql_gulong1/random.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476639/; classtype:trojan-activity;sid:84339739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476640)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5765828710/7t7bcya.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476640/; classtype:trojan-activity;sid:84339740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476641)"; flow:established,from_client; content:"GET"; http_method; content:"/files/martin3/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476641/; classtype:trojan-activity;sid:84339741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476642)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1482809150/st22bjg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476642/; classtype:trojan-activity;sid:84339742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476636)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6723359323/prnfmm4.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476636/; classtype:trojan-activity;sid:84339736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476637)"; flow:established,from_client; content:"GET"; http_method; content:"/files/crazytimeya/random.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476637/; classtype:trojan-activity;sid:84339737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476638)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5003359882/owpn5e9.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476638/; classtype:trojan-activity;sid:84339738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476634)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5149365135/7kvolqr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476634/; classtype:trojan-activity;sid:84339734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476635)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1087989943/go7ya2t.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476635/; classtype:trojan-activity;sid:84339735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476631)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6012304042/gtjfhji.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476631/; classtype:trojan-activity;sid:84339731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476632)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1776217475/9jfikvm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476632/; classtype:trojan-activity;sid:84339732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.36.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476633/; classtype:trojan-activity;sid:84339733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476630)"; flow:established,from_client; content:"GET"; http_method; content:"/brandonmunguia/fortnitespoofer/raw/f9d8d79d66804294da132ab7843f056ee4e94765/tempspoofer.exe"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476630/; classtype:trojan-activity;sid:84339730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476626)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7033027882/zqkkpwg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476626/; classtype:trojan-activity;sid:84339726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476627)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6012304042/jfn8fjt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476627/; classtype:trojan-activity;sid:84339727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476628)"; flow:established,from_client; content:"GET"; http_method; content:"/files/424104125/xw3itet.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476628/; classtype:trojan-activity;sid:84339728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476629)"; flow:established,from_client; content:"GET"; http_method; content:"/nonsking2215/universal-hwid-spoofer/raw/950fb0e6f70df7ca15d42a17f9777d5ac4b297bf/universalspoofer.exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476629/; classtype:trojan-activity;sid:84339729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.246.71.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476625/; classtype:trojan-activity;sid:84339725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.201.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476624/; classtype:trojan-activity;sid:84339724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.184.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476623/; classtype:trojan-activity;sid:84339723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.173.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476622/; classtype:trojan-activity;sid:84339722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.73.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476621/; classtype:trojan-activity;sid:84339721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.61.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476620/; classtype:trojan-activity;sid:84339720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476613/; classtype:trojan-activity;sid:84339713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476614/; classtype:trojan-activity;sid:84339714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.67.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476615/; classtype:trojan-activity;sid:84339715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.5.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476616/; classtype:trojan-activity;sid:84339716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.102.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476617/; classtype:trojan-activity;sid:84339717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.28.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476618/; classtype:trojan-activity;sid:84339718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476619/; classtype:trojan-activity;sid:84339719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476612/; classtype:trojan-activity;sid:84339712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.10.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476611/; classtype:trojan-activity;sid:84339711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.36.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476610/; classtype:trojan-activity;sid:84339710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.128.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476609/; classtype:trojan-activity;sid:84339709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.50.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476608/; classtype:trojan-activity;sid:84339708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.94.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476607/; classtype:trojan-activity;sid:84339707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.177.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476606/; classtype:trojan-activity;sid:84339706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476605)"; flow:established,from_client; content:"GET"; http_method; content:"/v6akekky13.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476605/; classtype:trojan-activity;sid:84339705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.85.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476604/; classtype:trojan-activity;sid:84339704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.85.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476603/; classtype:trojan-activity;sid:84339703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.50.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476602/; classtype:trojan-activity;sid:84339702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.72.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476598/; classtype:trojan-activity;sid:84339698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.164.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476599/; classtype:trojan-activity;sid:84339699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.164.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476600/; classtype:trojan-activity;sid:84339700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.186.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476601/; classtype:trojan-activity;sid:84339701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.161.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476597/; classtype:trojan-activity;sid:84339697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.132.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476596/; classtype:trojan-activity;sid:84339696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.111.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476595/; classtype:trojan-activity;sid:84339695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476593)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagoferlacamini/minecraft-nao-responsivo/releases/download/v2.0/release_x64.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476593/; classtype:trojan-activity;sid:84339693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476594)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagoferlacamini/tiagoferlacamini/releases/download/v2.0/release_x64.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476594/; classtype:trojan-activity;sid:84339694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476586)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagoferlacamini/cofee/releases/download/v2.0/release_x64.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476586/; classtype:trojan-activity;sid:84339686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476587)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagoferlacamini/rafaballerini/releases/download/v2.0/release_x64.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476587/; classtype:trojan-activity;sid:84339687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476588)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagoferlacamini/testedeavaliacao/releases/download/v2.0/release_x64.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476588/; classtype:trojan-activity;sid:84339688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476589)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagoferlacamini/coolaxolotl/releases/download/v2.0/release_x64.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476589/; classtype:trojan-activity;sid:84339689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476590)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagoferlacamini/login-first/releases/download/v2.0/release_x64.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476590/; classtype:trojan-activity;sid:84339690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476591)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagoferlacamini/coofe/releases/download/v2.0/release_x64.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476591/; classtype:trojan-activity;sid:84339691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476592)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagoferlacamini/new-portif-lio/releases/download/v2.0/release_x64.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476592/; classtype:trojan-activity;sid:84339692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.89.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476585/; classtype:trojan-activity;sid:84339685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.84.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476584/; classtype:trojan-activity;sid:84339684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.198.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476583/; classtype:trojan-activity;sid:84339683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.71.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476582/; classtype:trojan-activity;sid:84339682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476581)"; flow:established,from_client; content:"GET"; http_method; content:"/9kql7d8d2b.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476581/; classtype:trojan-activity;sid:84339681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476576)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"booking.guests-reservid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476576/; classtype:trojan-activity;sid:84339676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476577)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"guests-reservid.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476577/; classtype:trojan-activity;sid:84339677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476578/; classtype:trojan-activity;sid:84339678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476579)"; flow:established,from_client; content:"GET"; http_method; content:"/sxszfymakxlkceeu.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"w19-seasalt.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476579/; classtype:trojan-activity;sid:84339679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476580)"; flow:established,from_client; content:"GET"; http_method; content:"/sign-in|3f|op_token=zxj81egvvyxv0ackyaqounlo3mm9it2qznk5un3prm3bpcmgscwf1dghvcml6zroaahr0chm6ly9hzg1pbi5ib29raw5nlmnvbs8qonsiyxv0af9hdhrlbxb0x2lkijoiyjezzgnlmjqtmgm5os00yjjllthiogutnji0njlln2y1zgq5in0yk1lhoetpzgcwyxpls1n1og5vz25uq3psci1mykt5txfxavnwannsmjv4wnm6bfmyntzcbgnvzguqezcsipujlk4nogbcafjd1nxosdi"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"booking.guests-reservid.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476580/; classtype:trojan-activity;sid:84339680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476573)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.7.214.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476573/; classtype:trojan-activity;sid:84339673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476574)"; flow:established,from_client; content:"GET"; http_method; content:"/home/action.logout.php|3f|return=///guests-reservid.com"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"yocone.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476574/; classtype:trojan-activity;sid:84339674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476575)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"w19-seasalt.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476575/; classtype:trojan-activity;sid:84339675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.27.38.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476572/; classtype:trojan-activity;sid:84339672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.47.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476571/; classtype:trojan-activity;sid:84339671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.191.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476570/; classtype:trojan-activity;sid:84339670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.161.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476569/; classtype:trojan-activity;sid:84339669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.94.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476568/; classtype:trojan-activity;sid:84339668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476567)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.tevoh.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476567/; classtype:trojan-activity;sid:84339667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.198.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476566/; classtype:trojan-activity;sid:84339666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.84.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476565/; classtype:trojan-activity;sid:84339665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.122.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476564/; classtype:trojan-activity;sid:84339664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.94.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476563/; classtype:trojan-activity;sid:84339663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pn3699.jigisekar.cyou"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476562/; classtype:trojan-activity;sid:84339662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tulicrp.engajroker.cyou"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476561/; classtype:trojan-activity;sid:84339661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.62.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476560/; classtype:trojan-activity;sid:84339660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.170.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476559/; classtype:trojan-activity;sid:84339659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476558)"; flow:established,from_client; content:"GET"; http_method; content:"/nikil1602/bypass-hwid-spoofer/releases/download/v1.2.6/bypass-hwid-spoofer-v1.2.6.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476558/; classtype:trojan-activity;sid:84339658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.55.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476557/; classtype:trojan-activity;sid:84339657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476556/; classtype:trojan-activity;sid:84339656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.184.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476555/; classtype:trojan-activity;sid:84339655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.154.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476554/; classtype:trojan-activity;sid:84339654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.84.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476553/; classtype:trojan-activity;sid:84339653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.251.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476552/; classtype:trojan-activity;sid:84339652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.93.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476551/; classtype:trojan-activity;sid:84339651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.80.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476550/; classtype:trojan-activity;sid:84339650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.91.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476549/; classtype:trojan-activity;sid:84339649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.239.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476548/; classtype:trojan-activity;sid:84339648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.94.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476547/; classtype:trojan-activity;sid:84339647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.179.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476546/; classtype:trojan-activity;sid:84339646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.162.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476545/; classtype:trojan-activity;sid:84339645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.72.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476544/; classtype:trojan-activity;sid:84339644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.125.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476542/; classtype:trojan-activity;sid:84339642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.25.100.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476543/; classtype:trojan-activity;sid:84339643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.31.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476541/; classtype:trojan-activity;sid:84339641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.245.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476540/; classtype:trojan-activity;sid:84339640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476539)"; flow:established,from_client; content:"GET"; http_method; content:"/pabk3buchk.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476539/; classtype:trojan-activity;sid:84339639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.162.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476538/; classtype:trojan-activity;sid:84339638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476537/; classtype:trojan-activity;sid:84339637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.80.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476536/; classtype:trojan-activity;sid:84339636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.179.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476535/; classtype:trojan-activity;sid:84339635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.183.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476534/; classtype:trojan-activity;sid:84339634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.56.1.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476532/; classtype:trojan-activity;sid:84339632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.3.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476533/; classtype:trojan-activity;sid:84339633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.237.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476531/; classtype:trojan-activity;sid:84339631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.34.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476530/; classtype:trojan-activity;sid:84339630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.31.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476529/; classtype:trojan-activity;sid:84339629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.245.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476528/; classtype:trojan-activity;sid:84339628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.88.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476527/; classtype:trojan-activity;sid:84339627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.77.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476526/; classtype:trojan-activity;sid:84339626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.207.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476525/; classtype:trojan-activity;sid:84339625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.42.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476524/; classtype:trojan-activity;sid:84339624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.84.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476523/; classtype:trojan-activity;sid:84339623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.240.211.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476522/; classtype:trojan-activity;sid:84339622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.204.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476521/; classtype:trojan-activity;sid:84339621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476516/; classtype:trojan-activity;sid:84339616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476517/; classtype:trojan-activity;sid:84339617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.110.120.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476518/; classtype:trojan-activity;sid:84339618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.226.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476519/; classtype:trojan-activity;sid:84339619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.229.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476520/; classtype:trojan-activity;sid:84339620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.1.110"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476515/; classtype:trojan-activity;sid:84339615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.43.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476514/; classtype:trojan-activity;sid:84339614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.240.211.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476513/; classtype:trojan-activity;sid:84339613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.108.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476512/; classtype:trojan-activity;sid:84339612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.183.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476509/; classtype:trojan-activity;sid:84339609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476510/; classtype:trojan-activity;sid:84339610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.89.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476511/; classtype:trojan-activity;sid:84339611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476508/; classtype:trojan-activity;sid:84339608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476507/; classtype:trojan-activity;sid:84339607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.202.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476506/; classtype:trojan-activity;sid:84339606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.106.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476505/; classtype:trojan-activity;sid:84339605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.34.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476504/; classtype:trojan-activity;sid:84339604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.1.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476503/; classtype:trojan-activity;sid:84339603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.253.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476502/; classtype:trojan-activity;sid:84339602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.213.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476501/; classtype:trojan-activity;sid:84339601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.42.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476500/; classtype:trojan-activity;sid:84339600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.91.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476499/; classtype:trojan-activity;sid:84339599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.79.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476498/; classtype:trojan-activity;sid:84339598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.106.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476497/; classtype:trojan-activity;sid:84339597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.172.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476496/; classtype:trojan-activity;sid:84339596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476495)"; flow:established,from_client; content:"GET"; http_method; content:"/j0spyxw01h.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476495/; classtype:trojan-activity;sid:84339595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.77.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476494/; classtype:trojan-activity;sid:84339594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476493/; classtype:trojan-activity;sid:84339593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.79.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476491/; classtype:trojan-activity;sid:84339591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.202.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476492/; classtype:trojan-activity;sid:84339592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476489)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.100.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476489/; classtype:trojan-activity;sid:84339589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.94.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476490/; classtype:trojan-activity;sid:84339590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.5.231"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476488/; classtype:trojan-activity;sid:84339588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.81.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476487/; classtype:trojan-activity;sid:84339587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.125.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476486/; classtype:trojan-activity;sid:84339586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.75.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476485/; classtype:trojan-activity;sid:84339585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.77.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476484/; classtype:trojan-activity;sid:84339584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.200.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476483/; classtype:trojan-activity;sid:84339583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.184.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476482/; classtype:trojan-activity;sid:84339582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.214.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476481/; classtype:trojan-activity;sid:84339581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.5.231"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476480/; classtype:trojan-activity;sid:84339580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.8.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476478/; classtype:trojan-activity;sid:84339578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476479/; classtype:trojan-activity;sid:84339579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.118.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476477/; classtype:trojan-activity;sid:84339577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.200.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476476/; classtype:trojan-activity;sid:84339576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476475/; classtype:trojan-activity;sid:84339575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.38.148.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476471/; classtype:trojan-activity;sid:84339571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.75.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476472/; classtype:trojan-activity;sid:84339572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.81.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476473/; classtype:trojan-activity;sid:84339573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.177.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476474/; classtype:trojan-activity;sid:84339574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.88.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476470/; classtype:trojan-activity;sid:84339570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.176.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476469/; classtype:trojan-activity;sid:84339569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.80.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476468/; classtype:trojan-activity;sid:84339568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.142.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476467/; classtype:trojan-activity;sid:84339567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.77.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476466/; classtype:trojan-activity;sid:84339566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.76.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476464/; classtype:trojan-activity;sid:84339564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.178.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476465/; classtype:trojan-activity;sid:84339565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.8.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476463/; classtype:trojan-activity;sid:84339563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.214.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476462/; classtype:trojan-activity;sid:84339562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.231.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476461/; classtype:trojan-activity;sid:84339561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476460)"; flow:established,from_client; content:"GET"; http_method; content:"/d0pkzlkbiq.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476460/; classtype:trojan-activity;sid:84339560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.76.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476459/; classtype:trojan-activity;sid:84339559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.88.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476458/; classtype:trojan-activity;sid:84339558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.34.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476457/; classtype:trojan-activity;sid:84339557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.238.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476456/; classtype:trojan-activity;sid:84339556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.200.128.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476455/; classtype:trojan-activity;sid:84339555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476453/; classtype:trojan-activity;sid:84339553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.4.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476454/; classtype:trojan-activity;sid:84339554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476452/; classtype:trojan-activity;sid:84339552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.176.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476451/; classtype:trojan-activity;sid:84339551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.30.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476450/; classtype:trojan-activity;sid:84339550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.171.168.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476449/; classtype:trojan-activity;sid:84339549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.171.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476448/; classtype:trojan-activity;sid:84339548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.231.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476447/; classtype:trojan-activity;sid:84339547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.54.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476446/; classtype:trojan-activity;sid:84339546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.178.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476445/; classtype:trojan-activity;sid:84339545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.94.176.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476444/; classtype:trojan-activity;sid:84339544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476443)"; flow:established,from_client; content:"GET"; http_method; content:"/v5.tgz"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"worldsport.com.ar"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476443/; classtype:trojan-activity;sid:84339543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.163.57.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476442/; classtype:trojan-activity;sid:84339542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.154.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476441/; classtype:trojan-activity;sid:84339541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476440)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.106.100.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476440/; classtype:trojan-activity;sid:84339540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.238.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476439/; classtype:trojan-activity;sid:84339539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.255.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476438/; classtype:trojan-activity;sid:84339538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.142.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476437/; classtype:trojan-activity;sid:84339537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.118.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476436/; classtype:trojan-activity;sid:84339536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.34.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476435/; classtype:trojan-activity;sid:84339535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.123.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476434/; classtype:trojan-activity;sid:84339534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.148.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476433/; classtype:trojan-activity;sid:84339533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.26.25.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476432/; classtype:trojan-activity;sid:84339532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.139.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476431/; classtype:trojan-activity;sid:84339531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.123.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476430/; classtype:trojan-activity;sid:84339530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.93.105.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476429/; classtype:trojan-activity;sid:84339529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.154.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476428/; classtype:trojan-activity;sid:84339528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476427)"; flow:established,from_client; content:"GET"; http_method; content:"/8dppe0s8v2.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476427/; classtype:trojan-activity;sid:84339527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476426/; classtype:trojan-activity;sid:84339526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.120.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476425/; classtype:trojan-activity;sid:84339525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.163.57.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476424/; classtype:trojan-activity;sid:84339524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.205.70.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476423/; classtype:trojan-activity;sid:84339523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476422/; classtype:trojan-activity;sid:84339522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.139.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476421/; classtype:trojan-activity;sid:84339521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.93.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476420/; classtype:trojan-activity;sid:84339520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.16.80"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476419/; classtype:trojan-activity;sid:84339519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.225.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476417/; classtype:trojan-activity;sid:84339517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.120.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476418/; classtype:trojan-activity;sid:84339518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.217.43.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476416/; classtype:trojan-activity;sid:84339516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.142.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476415/; classtype:trojan-activity;sid:84339515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.202.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476414/; classtype:trojan-activity;sid:84339514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.125.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476413/; classtype:trojan-activity;sid:84339513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.166.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476412/; classtype:trojan-activity;sid:84339512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.133.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476411/; classtype:trojan-activity;sid:84339511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.55.149.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476410/; classtype:trojan-activity;sid:84339510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476409/; classtype:trojan-activity;sid:84339509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476407/; classtype:trojan-activity;sid:84339507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.177.111.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476408/; classtype:trojan-activity;sid:84339508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476403/; classtype:trojan-activity;sid:84339503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.56.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476404/; classtype:trojan-activity;sid:84339504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.53.216.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476405/; classtype:trojan-activity;sid:84339505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.19.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476406/; classtype:trojan-activity;sid:84339506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.152.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476402/; classtype:trojan-activity;sid:84339502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.6.211.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476401/; classtype:trojan-activity;sid:84339501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.89.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476400/; classtype:trojan-activity;sid:84339500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.94.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476399/; classtype:trojan-activity;sid:84339499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.185.73.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476397/; classtype:trojan-activity;sid:84339497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.90.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476398/; classtype:trojan-activity;sid:84339498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.105.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476396/; classtype:trojan-activity;sid:84339496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.202.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476395/; classtype:trojan-activity;sid:84339495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.21.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476394/; classtype:trojan-activity;sid:84339494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.76.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476393/; classtype:trojan-activity;sid:84339493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.250.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476392/; classtype:trojan-activity;sid:84339492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.230.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476391/; classtype:trojan-activity;sid:84339491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.9.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476390/; classtype:trojan-activity;sid:84339490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.123.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476389/; classtype:trojan-activity;sid:84339489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.78.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476388/; classtype:trojan-activity;sid:84339488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.166.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476387/; classtype:trojan-activity;sid:84339487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.125.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476386/; classtype:trojan-activity;sid:84339486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.177.111.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476385/; classtype:trojan-activity;sid:84339485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476384/; classtype:trojan-activity;sid:84339484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.63.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476383/; classtype:trojan-activity;sid:84339483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.9.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476381/; classtype:trojan-activity;sid:84339481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476382/; classtype:trojan-activity;sid:84339482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.170.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476380/; classtype:trojan-activity;sid:84339480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476379)"; flow:established,from_client; content:"GET"; http_method; content:"/jh3gav0wzx.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476379/; classtype:trojan-activity;sid:84339479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.151.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476378/; classtype:trojan-activity;sid:84339478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.124.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476377/; classtype:trojan-activity;sid:84339477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.230.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476376/; classtype:trojan-activity;sid:84339476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.109.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476375/; classtype:trojan-activity;sid:84339475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.21.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476374/; classtype:trojan-activity;sid:84339474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.65.147.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476373/; classtype:trojan-activity;sid:84339473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.103.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476372/; classtype:trojan-activity;sid:84339472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.79.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476371/; classtype:trojan-activity;sid:84339471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.123.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476370/; classtype:trojan-activity;sid:84339470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476369/; classtype:trojan-activity;sid:84339469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.163.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476368/; classtype:trojan-activity;sid:84339468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.79.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476367/; classtype:trojan-activity;sid:84339467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.78.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476366/; classtype:trojan-activity;sid:84339466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.100.178.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476364/; classtype:trojan-activity;sid:84339464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.142.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476365/; classtype:trojan-activity;sid:84339465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.151.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476363/; classtype:trojan-activity;sid:84339463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.65.147.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476362/; classtype:trojan-activity;sid:84339462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.48.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476361/; classtype:trojan-activity;sid:84339461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.183.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476360/; classtype:trojan-activity;sid:84339460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.163.57.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476359/; classtype:trojan-activity;sid:84339459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.109.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476358/; classtype:trojan-activity;sid:84339458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.76.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476357/; classtype:trojan-activity;sid:84339457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.27.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476356/; classtype:trojan-activity;sid:84339456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.160.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476355/; classtype:trojan-activity;sid:84339455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.250.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476354/; classtype:trojan-activity;sid:84339454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.81.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476351/; classtype:trojan-activity;sid:84339451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.116.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476352/; classtype:trojan-activity;sid:84339452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.103.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476353/; classtype:trojan-activity;sid:84339453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476349/; classtype:trojan-activity;sid:84339449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476350/; classtype:trojan-activity;sid:84339450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.200.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476348/; classtype:trojan-activity;sid:84339448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.156.224.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476347/; classtype:trojan-activity;sid:84339447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.105.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476346/; classtype:trojan-activity;sid:84339446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.100.178.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476345/; classtype:trojan-activity;sid:84339445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.18.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476344/; classtype:trojan-activity;sid:84339444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.232.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476343/; classtype:trojan-activity;sid:84339443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.156.224.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476342/; classtype:trojan-activity;sid:84339442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.60.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476341/; classtype:trojan-activity;sid:84339441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476339)"; flow:established,from_client; content:"GET"; http_method; content:"/yc2zqmc5n7.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476339/; classtype:trojan-activity;sid:84339439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.191.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476340/; classtype:trojan-activity;sid:84339440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.3.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476338/; classtype:trojan-activity;sid:84339438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.195.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476337/; classtype:trojan-activity;sid:84339437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.195.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476336/; classtype:trojan-activity;sid:84339436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.210.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476335/; classtype:trojan-activity;sid:84339435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.123.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476334/; classtype:trojan-activity;sid:84339434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.133.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476333/; classtype:trojan-activity;sid:84339433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.46.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476332/; classtype:trojan-activity;sid:84339432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.170.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476330/; classtype:trojan-activity;sid:84339430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.56.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476331/; classtype:trojan-activity;sid:84339431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.166.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476329/; classtype:trojan-activity;sid:84339429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.60.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476328/; classtype:trojan-activity;sid:84339428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.86.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476327/; classtype:trojan-activity;sid:84339427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.210.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476326/; classtype:trojan-activity;sid:84339426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.0.157"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476325/; classtype:trojan-activity;sid:84339425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.112.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476324/; classtype:trojan-activity;sid:84339424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.56.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476323/; classtype:trojan-activity;sid:84339423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.166.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476322/; classtype:trojan-activity;sid:84339422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.0.157"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476321/; classtype:trojan-activity;sid:84339421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.93.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476320/; classtype:trojan-activity;sid:84339420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476319)"; flow:established,from_client; content:"GET"; http_method; content:"/cmpt3hymls.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476319/; classtype:trojan-activity;sid:84339419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.6.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476318/; classtype:trojan-activity;sid:84339418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.214.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476317/; classtype:trojan-activity;sid:84339417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.195.7.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476315/; classtype:trojan-activity;sid:84339415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.112.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476316/; classtype:trojan-activity;sid:84339416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.93.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476314/; classtype:trojan-activity;sid:84339414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.147.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476313/; classtype:trojan-activity;sid:84339413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.105.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476312/; classtype:trojan-activity;sid:84339412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.195.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476311/; classtype:trojan-activity;sid:84339411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476309)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476309/; classtype:trojan-activity;sid:84339409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476310)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476310/; classtype:trojan-activity;sid:84339410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476308)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476308/; classtype:trojan-activity;sid:84339408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476307)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476307/; classtype:trojan-activity;sid:84339407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476305)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476305/; classtype:trojan-activity;sid:84339405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476306)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476306/; classtype:trojan-activity;sid:84339406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476299)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476299/; classtype:trojan-activity;sid:84339399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476300)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476300/; classtype:trojan-activity;sid:84339400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476301)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.superh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476301/; classtype:trojan-activity;sid:84339401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476302)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476302/; classtype:trojan-activity;sid:84339402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476303)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476303/; classtype:trojan-activity;sid:84339403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476304)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476304/; classtype:trojan-activity;sid:84339404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.146.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476298/; classtype:trojan-activity;sid:84339398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.10.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476297/; classtype:trojan-activity;sid:84339397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.92.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476296/; classtype:trojan-activity;sid:84339396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.61.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476295/; classtype:trojan-activity;sid:84339395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.3.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476294/; classtype:trojan-activity;sid:84339394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.135.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476292/; classtype:trojan-activity;sid:84339392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.141.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476293/; classtype:trojan-activity;sid:84339393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.93.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476291/; classtype:trojan-activity;sid:84339391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.16.63"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476290/; classtype:trojan-activity;sid:84339390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.21.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3476289/; classtype:trojan-activity;sid:84339389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.93.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476288/; classtype:trojan-activity;sid:84339388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.193.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476287/; classtype:trojan-activity;sid:84339387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.41.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476286/; classtype:trojan-activity;sid:84339386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"152.117.103.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476285/; classtype:trojan-activity;sid:84339385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.141.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476284/; classtype:trojan-activity;sid:84339384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.168.148.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476283/; classtype:trojan-activity;sid:84339383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.26.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476282/; classtype:trojan-activity;sid:84339382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.92.204.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476281/; classtype:trojan-activity;sid:84339381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.92.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476279/; classtype:trojan-activity;sid:84339379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.193.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476280/; classtype:trojan-activity;sid:84339380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.146.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476278/; classtype:trojan-activity;sid:84339378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.88.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476277/; classtype:trojan-activity;sid:84339377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.150.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476276/; classtype:trojan-activity;sid:84339376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.0.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476275/; classtype:trojan-activity;sid:84339375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.42.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476274/; classtype:trojan-activity;sid:84339374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476273)"; flow:established,from_client; content:"GET"; http_method; content:"/8e7aty912g.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476273/; classtype:trojan-activity;sid:84339373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.41.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476272/; classtype:trojan-activity;sid:84339372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476271/; classtype:trojan-activity;sid:84339371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.147.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476270/; classtype:trojan-activity;sid:84339370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.66.152.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476269/; classtype:trojan-activity;sid:84339369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.141.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476268/; classtype:trojan-activity;sid:84339368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.146.37.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476267/; classtype:trojan-activity;sid:84339367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.168.148.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476266/; classtype:trojan-activity;sid:84339366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.39.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476265/; classtype:trojan-activity;sid:84339365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.171.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476264/; classtype:trojan-activity;sid:84339364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.88.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476263/; classtype:trojan-activity;sid:84339363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.32.30.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476262/; classtype:trojan-activity;sid:84339362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.147.40.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476260/; classtype:trojan-activity;sid:84339360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.26.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476261/; classtype:trojan-activity;sid:84339361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476259/; classtype:trojan-activity;sid:84339359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.113.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476258/; classtype:trojan-activity;sid:84339358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.125.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476257/; classtype:trojan-activity;sid:84339357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.175.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476256/; classtype:trojan-activity;sid:84339356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.146.37.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476255/; classtype:trojan-activity;sid:84339355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.249.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476254/; classtype:trojan-activity;sid:84339354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.133.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476253/; classtype:trojan-activity;sid:84339353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.117.103.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476252/; classtype:trojan-activity;sid:84339352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.151.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476251/; classtype:trojan-activity;sid:84339351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.39.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476250/; classtype:trojan-activity;sid:84339350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.21.234"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476249/; classtype:trojan-activity;sid:84339349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.113.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476248/; classtype:trojan-activity;sid:84339348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.94.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476247/; classtype:trojan-activity;sid:84339347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.175.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476246/; classtype:trojan-activity;sid:84339346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.194.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476245/; classtype:trojan-activity;sid:84339345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.39.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476243/; classtype:trojan-activity;sid:84339343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476244)"; flow:established,from_client; content:"GET"; http_method; content:"/ysil290pd7.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476244/; classtype:trojan-activity;sid:84339344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.188.143.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476242/; classtype:trojan-activity;sid:84339342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.133.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476241/; classtype:trojan-activity;sid:84339341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.219.29.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476239/; classtype:trojan-activity;sid:84339339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.249.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476240/; classtype:trojan-activity;sid:84339340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.190.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476238/; classtype:trojan-activity;sid:84339338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.18.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476237/; classtype:trojan-activity;sid:84339337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.157.253.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476236/; classtype:trojan-activity;sid:84339336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.80.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476235/; classtype:trojan-activity;sid:84339335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476234/; classtype:trojan-activity;sid:84339334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.37.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476233/; classtype:trojan-activity;sid:84339333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.29.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476232/; classtype:trojan-activity;sid:84339332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476231/; classtype:trojan-activity;sid:84339331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.39.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476230/; classtype:trojan-activity;sid:84339330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.198.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476229/; classtype:trojan-activity;sid:84339329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.185.198.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476228/; classtype:trojan-activity;sid:84339328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.125.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476227/; classtype:trojan-activity;sid:84339327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.249.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476226/; classtype:trojan-activity;sid:84339326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.113.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476225/; classtype:trojan-activity;sid:84339325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.56.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476224/; classtype:trojan-activity;sid:84339324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476223/; classtype:trojan-activity;sid:84339323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.127.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476222/; classtype:trojan-activity;sid:84339322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.173.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476221/; classtype:trojan-activity;sid:84339321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.26.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476220/; classtype:trojan-activity;sid:84339320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.45.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476219/; classtype:trojan-activity;sid:84339319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.121.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476218/; classtype:trojan-activity;sid:84339318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.185.198.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476217/; classtype:trojan-activity;sid:84339317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.198.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476216/; classtype:trojan-activity;sid:84339316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476215)"; flow:established,from_client; content:"GET"; http_method; content:"/4ojiy66hyx.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476215/; classtype:trojan-activity;sid:84339315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.168.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476214/; classtype:trojan-activity;sid:84339314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.9.57"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476213/; classtype:trojan-activity;sid:84339313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.125.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476212/; classtype:trojan-activity;sid:84339312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.12.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476211/; classtype:trojan-activity;sid:84339311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.56.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476210/; classtype:trojan-activity;sid:84339310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.229.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476209/; classtype:trojan-activity;sid:84339309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.190.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476208/; classtype:trojan-activity;sid:84339308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.124.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476207/; classtype:trojan-activity;sid:84339307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.49.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476206/; classtype:trojan-activity;sid:84339306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476204)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.fetoq.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476204/; classtype:trojan-activity;sid:84339304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.9.57"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476205/; classtype:trojan-activity;sid:84339305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.78.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476203/; classtype:trojan-activity;sid:84339303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.26.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476202/; classtype:trojan-activity;sid:84339302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.173.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476201/; classtype:trojan-activity;sid:84339301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.124.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476200/; classtype:trojan-activity;sid:84339300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.249.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476199/; classtype:trojan-activity;sid:84339299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476196/; classtype:trojan-activity;sid:84339296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.140.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476197/; classtype:trojan-activity;sid:84339297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.209.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476198/; classtype:trojan-activity;sid:84339298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.1.217"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476195/; classtype:trojan-activity;sid:84339295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.143.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476194/; classtype:trojan-activity;sid:84339294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.229.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476193/; classtype:trojan-activity;sid:84339293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.12.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476192/; classtype:trojan-activity;sid:84339292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.82.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476191/; classtype:trojan-activity;sid:84339291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476190/; classtype:trojan-activity;sid:84339290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.235.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476189/; classtype:trojan-activity;sid:84339289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.194.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476188/; classtype:trojan-activity;sid:84339288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.78.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476187/; classtype:trojan-activity;sid:84339287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.161.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476186/; classtype:trojan-activity;sid:84339286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.73.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476185/; classtype:trojan-activity;sid:84339285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.28.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476182/; classtype:trojan-activity;sid:84339282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.235.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476183/; classtype:trojan-activity;sid:84339283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.82.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476184/; classtype:trojan-activity;sid:84339284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.167.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476181/; classtype:trojan-activity;sid:84339281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476180)"; flow:established,from_client; content:"GET"; http_method; content:"/rf6e4qg8pi.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476180/; classtype:trojan-activity;sid:84339280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476179)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.221.97.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476179/; classtype:trojan-activity;sid:84339279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.225.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476178/; classtype:trojan-activity;sid:84339278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.190.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476177/; classtype:trojan-activity;sid:84339277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.59.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476176/; classtype:trojan-activity;sid:84339276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.249.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476173/; classtype:trojan-activity;sid:84339273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.239.228.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476174/; classtype:trojan-activity;sid:84339274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.183.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476175/; classtype:trojan-activity;sid:84339275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.147.40.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476172/; classtype:trojan-activity;sid:84339272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.201.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476171/; classtype:trojan-activity;sid:84339271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.228.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476170/; classtype:trojan-activity;sid:84339270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.65.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476169/; classtype:trojan-activity;sid:84339269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.169.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476168/; classtype:trojan-activity;sid:84339268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.179.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476167/; classtype:trojan-activity;sid:84339267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476166/; classtype:trojan-activity;sid:84339266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.71.68.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476165/; classtype:trojan-activity;sid:84339265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.106.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476164/; classtype:trojan-activity;sid:84339264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476163/; classtype:trojan-activity;sid:84339263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.130.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476162/; classtype:trojan-activity;sid:84339262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.201.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476161/; classtype:trojan-activity;sid:84339261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.113.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476159/; classtype:trojan-activity;sid:84339259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476160/; classtype:trojan-activity;sid:84339260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.163.57.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476158/; classtype:trojan-activity;sid:84339258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.163.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476157/; classtype:trojan-activity;sid:84339257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.231.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476156/; classtype:trojan-activity;sid:84339256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.179.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476155/; classtype:trojan-activity;sid:84339255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476154)"; flow:established,from_client; content:"GET"; http_method; content:"/n43krmm5pi.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476154/; classtype:trojan-activity;sid:84339254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.65.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476153/; classtype:trojan-activity;sid:84339253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.10.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476152/; classtype:trojan-activity;sid:84339252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.157.253.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476151/; classtype:trojan-activity;sid:84339251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.124.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476150/; classtype:trojan-activity;sid:84339250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.214.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476149/; classtype:trojan-activity;sid:84339249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.38.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476148/; classtype:trojan-activity;sid:84339248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.127.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476146/; classtype:trojan-activity;sid:84339246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.130.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476147/; classtype:trojan-activity;sid:84339247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.136.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476145/; classtype:trojan-activity;sid:84339245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.163.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476144/; classtype:trojan-activity;sid:84339244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.93.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476143/; classtype:trojan-activity;sid:84339243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.231.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476142/; classtype:trojan-activity;sid:84339242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.106.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476141/; classtype:trojan-activity;sid:84339241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.43.181"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476139/; classtype:trojan-activity;sid:84339239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.85.99.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476140/; classtype:trojan-activity;sid:84339240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.195.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476138/; classtype:trojan-activity;sid:84339238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.233.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476137/; classtype:trojan-activity;sid:84339237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.10.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476136/; classtype:trojan-activity;sid:84339236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.127.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476135/; classtype:trojan-activity;sid:84339235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.47.73.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476134/; classtype:trojan-activity;sid:84339234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.38.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476133/; classtype:trojan-activity;sid:84339233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.195.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476132/; classtype:trojan-activity;sid:84339232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.195.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476131/; classtype:trojan-activity;sid:84339231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.93.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476130/; classtype:trojan-activity;sid:84339230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.158.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476129/; classtype:trojan-activity;sid:84339229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.185.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476128/; classtype:trojan-activity;sid:84339228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.224.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476127/; classtype:trojan-activity;sid:84339227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.47.73.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476126/; classtype:trojan-activity;sid:84339226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476125)"; flow:established,from_client; content:"GET"; http_method; content:"/u12ncg3gc4.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.nullifychili.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476125/; classtype:trojan-activity;sid:84339225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.23.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476124/; classtype:trojan-activity;sid:84339224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476123/; classtype:trojan-activity;sid:84339223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.251.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476122/; classtype:trojan-activity;sid:84339222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.185.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476121/; classtype:trojan-activity;sid:84339221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.232.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476120/; classtype:trojan-activity;sid:84339220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.158.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476119/; classtype:trojan-activity;sid:84339219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476118/; classtype:trojan-activity;sid:84339218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.23.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476117/; classtype:trojan-activity;sid:84339217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.167.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476116/; classtype:trojan-activity;sid:84339216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476115)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.lixir.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476115/; classtype:trojan-activity;sid:84339215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.87.13.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476114/; classtype:trojan-activity;sid:84339214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.63.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476109/; classtype:trojan-activity;sid:84339209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.104.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476110/; classtype:trojan-activity;sid:84339210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.98.36.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476111/; classtype:trojan-activity;sid:84339211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.158.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476112/; classtype:trojan-activity;sid:84339212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.208.160.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476113/; classtype:trojan-activity;sid:84339213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.35.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476108/; classtype:trojan-activity;sid:84339208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476107/; classtype:trojan-activity;sid:84339207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.152.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476106/; classtype:trojan-activity;sid:84339206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.146.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476105/; classtype:trojan-activity;sid:84339205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.142.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476104/; classtype:trojan-activity;sid:84339204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.99.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476103/; classtype:trojan-activity;sid:84339203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476102/; classtype:trojan-activity;sid:84339202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.235.193.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476101/; classtype:trojan-activity;sid:84339201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476100/; classtype:trojan-activity;sid:84339200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.195.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476099/; classtype:trojan-activity;sid:84339199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476098)"; flow:established,from_client; content:"GET"; http_method; content:"/zhtsna03eo.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.upheldundermost.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476098/; classtype:trojan-activity;sid:84339198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.224.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476097/; classtype:trojan-activity;sid:84339197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.103.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476096/; classtype:trojan-activity;sid:84339196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.254.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476095/; classtype:trojan-activity;sid:84339195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.65.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476094/; classtype:trojan-activity;sid:84339194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.59.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476093/; classtype:trojan-activity;sid:84339193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.234.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476092/; classtype:trojan-activity;sid:84339192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.244.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476091/; classtype:trojan-activity;sid:84339191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.195.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476090/; classtype:trojan-activity;sid:84339190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.105.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476089/; classtype:trojan-activity;sid:84339189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.220.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476088/; classtype:trojan-activity;sid:84339188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.52.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476087/; classtype:trojan-activity;sid:84339187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.103.152.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476086/; classtype:trojan-activity;sid:84339186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.52.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476085/; classtype:trojan-activity;sid:84339185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.48.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476084/; classtype:trojan-activity;sid:84339184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.103.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476083/; classtype:trojan-activity;sid:84339183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.244.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476082/; classtype:trojan-activity;sid:84339182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.234.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476081/; classtype:trojan-activity;sid:84339181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476080)"; flow:established,from_client; content:"GET"; http_method; content:"/tg_cj153256_pxz.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tgsamll.b-cdn.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476080/; classtype:trojan-activity;sid:84339180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476079)"; flow:established,from_client; content:"GET"; http_method; content:"/fm_3315_40.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"shpuzonesll.b-cdn.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476079/; classtype:trojan-activity;sid:84339179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.220.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476078/; classtype:trojan-activity;sid:84339178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476077)"; flow:established,from_client; content:"GET"; http_method; content:"/fm_3313_39.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"shpuzonesll.b-cdn.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476077/; classtype:trojan-activity;sid:84339177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476076)"; flow:established,from_client; content:"GET"; http_method; content:"/yo_3316_38.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"shpuzonesll.b-cdn.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476076/; classtype:trojan-activity;sid:84339176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.206.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476075/; classtype:trojan-activity;sid:84339175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.103.152.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476074/; classtype:trojan-activity;sid:84339174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476073)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.kakib.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476073/; classtype:trojan-activity;sid:84339173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.216.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476072/; classtype:trojan-activity;sid:84339172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.65.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476071/; classtype:trojan-activity;sid:84339171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.1.150"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476070/; classtype:trojan-activity;sid:84339170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476069)"; flow:established,from_client; content:"GET"; http_method; content:"/ylndggkhni.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.upheldundermost.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476069/; classtype:trojan-activity;sid:84339169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.231.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476068/; classtype:trojan-activity;sid:84339168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.110.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476067/; classtype:trojan-activity;sid:84339167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.168.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476066/; classtype:trojan-activity;sid:84339166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476065)"; flow:established,from_client; content:"GET"; http_method; content:"/server.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"kotlevskiy.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476065/; classtype:trojan-activity;sid:84339165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.195.7.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476064/; classtype:trojan-activity;sid:84339164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.14.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476063/; classtype:trojan-activity;sid:84339163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.206.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476062/; classtype:trojan-activity;sid:84339162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.62.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476061/; classtype:trojan-activity;sid:84339161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.175.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476059/; classtype:trojan-activity;sid:84339159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.216.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476060/; classtype:trojan-activity;sid:84339160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.110.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476058/; classtype:trojan-activity;sid:84339158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476057)"; flow:established,from_client; content:"GET"; http_method; content:"/iamlighter.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"awakenly.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476057/; classtype:trojan-activity;sid:84339157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476055)"; flow:established,from_client; content:"GET"; http_method; content:"/n/ax4mqlu25efi/b/sorignkerla/o/lighterprefixloadwait.html"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"objectstorage.ap-singapore-2.oraclecloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476055/; classtype:trojan-activity;sid:84339155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476056)"; flow:established,from_client; content:"GET"; http_method; content:"/f40b7a79ed8433ee4d221f3553f422e9"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"pn5.gapdevoutlycitrus.shop"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476056/; classtype:trojan-activity;sid:84339156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.225.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476054/; classtype:trojan-activity;sid:84339154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.67.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476053/; classtype:trojan-activity;sid:84339153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.196.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476051/; classtype:trojan-activity;sid:84339151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.21.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476052/; classtype:trojan-activity;sid:84339152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.62.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476050/; classtype:trojan-activity;sid:84339150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.254.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476048/; classtype:trojan-activity;sid:84339148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.122.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476049/; classtype:trojan-activity;sid:84339149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.90.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476047/; classtype:trojan-activity;sid:84339147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476046)"; flow:established,from_client; content:"GET"; http_method; content:"/files/original.js"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"doodstream.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476046/; classtype:trojan-activity;sid:84339146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476045)"; flow:established,from_client; content:"GET"; http_method; content:"/kbdtam99.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pro.fivepathways.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476045/; classtype:trojan-activity;sid:84339145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476043)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fis.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"movtime76.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476043/; classtype:trojan-activity;sid:84339143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476044)"; flow:established,from_client; content:"GET"; http_method; content:"/files/index.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"doodstream.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476044/; classtype:trojan-activity;sid:84339144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476041)"; flow:established,from_client; content:"GET"; http_method; content:"/files/original.js"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"movtime76.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476041/; classtype:trojan-activity;sid:84339141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476042)"; flow:established,from_client; content:"GET"; http_method; content:"/files/index.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"movtime76.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476042/; classtype:trojan-activity;sid:84339142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476040)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fis.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"doodstream.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476040/; classtype:trojan-activity;sid:84339140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.29.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476039/; classtype:trojan-activity;sid:84339139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.148.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476038/; classtype:trojan-activity;sid:84339138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.176.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476037/; classtype:trojan-activity;sid:84339137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.179.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476036/; classtype:trojan-activity;sid:84339136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476035)"; flow:established,from_client; content:"GET"; http_method; content:"/k5xl1xilmg.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.upheldundermost.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476035/; classtype:trojan-activity;sid:84339135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.1.108"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476034/; classtype:trojan-activity;sid:84339134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.21.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476033/; classtype:trojan-activity;sid:84339133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.90.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476032/; classtype:trojan-activity;sid:84339132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.94.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476031/; classtype:trojan-activity;sid:84339131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476029)"; flow:established,from_client; content:"GET"; http_method; content:"/es/downloads/3ac1b_isptoken.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"www-app.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476029/; classtype:trojan-activity;sid:84339129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476030)"; flow:established,from_client; content:"GET"; http_method; content:"/es/downloads/02818_mybbva.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www-app.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476030/; classtype:trojan-activity;sid:84339130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476028)"; flow:established,from_client; content:"GET"; http_method; content:"/es/downloads/8327f_myposte.apk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"www-app.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476028/; classtype:trojan-activity;sid:84339128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476027)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.8.210.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476027/; classtype:trojan-activity;sid:84339127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476026)"; flow:established,from_client; content:"GET"; http_method; content:"/es/downloads/0515c_test.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www-app.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476026/; classtype:trojan-activity;sid:84339126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.29.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476025/; classtype:trojan-activity;sid:84339125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476024)"; flow:established,from_client; content:"GET"; http_method; content:"/profilelayout"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"seminary.envisionfonddulac.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476024/; classtype:trojan-activity;sid:84339124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.33.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476023/; classtype:trojan-activity;sid:84339123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.196.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476022/; classtype:trojan-activity;sid:84339122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.214.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476021/; classtype:trojan-activity;sid:84339121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.148.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476020/; classtype:trojan-activity;sid:84339120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.67.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476019/; classtype:trojan-activity;sid:84339119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.10.202"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476017/; classtype:trojan-activity;sid:84339117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.48.66.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476018/; classtype:trojan-activity;sid:84339118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.112.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476016/; classtype:trojan-activity;sid:84339116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.217.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476015/; classtype:trojan-activity;sid:84339115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.200.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476014/; classtype:trojan-activity;sid:84339114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476013/; classtype:trojan-activity;sid:84339113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.35.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476012/; classtype:trojan-activity;sid:84339112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476010/; classtype:trojan-activity;sid:84339110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"69.23.241.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476011/; classtype:trojan-activity;sid:84339111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476009/; classtype:trojan-activity;sid:84339109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.249.73.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476008/; classtype:trojan-activity;sid:84339108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.167.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476007/; classtype:trojan-activity;sid:84339107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.2.48"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476006/; classtype:trojan-activity;sid:84339106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.67.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476005/; classtype:trojan-activity;sid:84339105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476001)"; flow:established,from_client; content:"GET"; http_method; content:"/a.mp4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"92.255.85.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476001/; classtype:trojan-activity;sid:84339101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476002)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.newyf.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476002/; classtype:trojan-activity;sid:84339102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476003)"; flow:established,from_client; content:"GET"; http_method; content:"/cmd.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"92.255.85.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476003/; classtype:trojan-activity;sid:84339103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476004)"; flow:established,from_client; content:"GET"; http_method; content:"/b.mp4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"92.255.85.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476004/; classtype:trojan-activity;sid:84339104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3476000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.48.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3476000/; classtype:trojan-activity;sid:84339100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.225.196.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475999/; classtype:trojan-activity;sid:84339099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.67.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475998/; classtype:trojan-activity;sid:84339098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.95.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475997/; classtype:trojan-activity;sid:84339097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475996)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.gulov.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475996/; classtype:trojan-activity;sid:84339096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.33.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475995/; classtype:trojan-activity;sid:84339095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.7.248"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475994/; classtype:trojan-activity;sid:84339094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475993)"; flow:established,from_client; content:"GET"; http_method; content:"/z7o1jew1dz.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.upheldundermost.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475993/; classtype:trojan-activity;sid:84339093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475992)"; flow:established,from_client; content:"GET"; http_method; content:"/g.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"92.255.85.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475992/; classtype:trojan-activity;sid:84339092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475989)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"cpte-view.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475989/; classtype:trojan-activity;sid:84339089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475990)"; flow:established,from_client; content:"GET"; http_method; content:"/l45r8rb51uc32r"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cpte-view.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475990/; classtype:trojan-activity;sid:84339090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475991)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"booklistingreserv.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475991/; classtype:trojan-activity;sid:84339091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.177.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475988/; classtype:trojan-activity;sid:84339088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.62.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475987/; classtype:trojan-activity;sid:84339087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.50.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475986/; classtype:trojan-activity;sid:84339086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.225.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475985/; classtype:trojan-activity;sid:84339085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.219.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475984/; classtype:trojan-activity;sid:84339084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.62.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475983/; classtype:trojan-activity;sid:84339083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.95.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475982/; classtype:trojan-activity;sid:84339082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475981)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.gimyh.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475981/; classtype:trojan-activity;sid:84339081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.48.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475980/; classtype:trojan-activity;sid:84339080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.245.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475979/; classtype:trojan-activity;sid:84339079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.50.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475978/; classtype:trojan-activity;sid:84339078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.81.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475977/; classtype:trojan-activity;sid:84339077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.127.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475976/; classtype:trojan-activity;sid:84339076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.177.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475975/; classtype:trojan-activity;sid:84339075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.225.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475974/; classtype:trojan-activity;sid:84339074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475973)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.lapib.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475973/; classtype:trojan-activity;sid:84339073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.245.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475972/; classtype:trojan-activity;sid:84339072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.196.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475971/; classtype:trojan-activity;sid:84339071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.127.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475970/; classtype:trojan-activity;sid:84339070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.48.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475969/; classtype:trojan-activity;sid:84339069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475968)"; flow:established,from_client; content:"GET"; http_method; content:"/mackobatric2.1.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"combo.s3.eu-north-1.amazonaws.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475968/; classtype:trojan-activity;sid:84339068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.81.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475967/; classtype:trojan-activity;sid:84339067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475966)"; flow:established,from_client; content:"GET"; http_method; content:"/deripascod/coderoom/raw/refs/heads/main/notyhkkadaw.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475966/; classtype:trojan-activity;sid:84339066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475963)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"142.44.232.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475963/; classtype:trojan-activity;sid:84339063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475964)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"142.44.232.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475964/; classtype:trojan-activity;sid:84339064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475965)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"142.44.232.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475965/; classtype:trojan-activity;sid:84339065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475954)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"142.44.232.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475954/; classtype:trojan-activity;sid:84339054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475955)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"142.44.232.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475955/; classtype:trojan-activity;sid:84339055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475956)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"142.44.232.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475956/; classtype:trojan-activity;sid:84339056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475957)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"142.44.232.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475957/; classtype:trojan-activity;sid:84339057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475958)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"142.44.232.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475958/; classtype:trojan-activity;sid:84339058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475959)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"142.44.232.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475959/; classtype:trojan-activity;sid:84339059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475960)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"142.44.232.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475960/; classtype:trojan-activity;sid:84339060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475961)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"142.44.232.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475961/; classtype:trojan-activity;sid:84339061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475962)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.superh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"142.44.232.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475962/; classtype:trojan-activity;sid:84339062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"161.0.74.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475953/; classtype:trojan-activity;sid:84339053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475950)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475950/; classtype:trojan-activity;sid:84339050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475951)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475951/; classtype:trojan-activity;sid:84339051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475952)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475952/; classtype:trojan-activity;sid:84339052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475936)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475936/; classtype:trojan-activity;sid:84339036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475937)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475937/; classtype:trojan-activity;sid:84339037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475938)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475938/; classtype:trojan-activity;sid:84339038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475939)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475939/; classtype:trojan-activity;sid:84339039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475940)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475940/; classtype:trojan-activity;sid:84339040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475941)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475941/; classtype:trojan-activity;sid:84339041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475942)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475942/; classtype:trojan-activity;sid:84339042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475943)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475943/; classtype:trojan-activity;sid:84339043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475944)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475944/; classtype:trojan-activity;sid:84339044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475945)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475945/; classtype:trojan-activity;sid:84339045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475946)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475946/; classtype:trojan-activity;sid:84339046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475947)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475947/; classtype:trojan-activity;sid:84339047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475948)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475948/; classtype:trojan-activity;sid:84339048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475949)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.superh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475949/; classtype:trojan-activity;sid:84339049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475932)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475932/; classtype:trojan-activity;sid:84339032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475933)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475933/; classtype:trojan-activity;sid:84339033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475934)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475934/; classtype:trojan-activity;sid:84339034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475935)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.superh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475935/; classtype:trojan-activity;sid:84339035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475931)"; flow:established,from_client; content:"GET"; http_method; content:"/gilqyeu3do.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.upheldundermost.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475931/; classtype:trojan-activity;sid:84339031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475929)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475929/; classtype:trojan-activity;sid:84339029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475930)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475930/; classtype:trojan-activity;sid:84339030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475927)"; flow:established,from_client; content:"GET"; http_method; content:"/somekidsmom.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475927/; classtype:trojan-activity;sid:84339027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475928)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"syncnet.cc"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475928/; classtype:trojan-activity;sid:84339028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.61.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475926/; classtype:trojan-activity;sid:84339026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.175.181.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475925/; classtype:trojan-activity;sid:84339025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475924/; classtype:trojan-activity;sid:84339024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.200.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475923/; classtype:trojan-activity;sid:84339023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.155.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475922/; classtype:trojan-activity;sid:84339022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475921)"; flow:established,from_client; content:"GET"; http_method; content:"/file/newuploavir/newpoveno.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"f005.backblazeb2.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475921/; classtype:trojan-activity;sid:84339021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"161.0.74.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475920/; classtype:trojan-activity;sid:84339020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.25.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475919/; classtype:trojan-activity;sid:84339019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475918)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.tozuj.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475918/; classtype:trojan-activity;sid:84339018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.205.70.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475917/; classtype:trojan-activity;sid:84339017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475915)"; flow:established,from_client; content:"GET"; http_method; content:"/msfstaged.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475915/; classtype:trojan-activity;sid:84339015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475916)"; flow:established,from_client; content:"GET"; http_method; content:"/443_2003_raw_x64.raw"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475916/; classtype:trojan-activity;sid:84339016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475908)"; flow:established,from_client; content:"GET"; http_method; content:"/443_2003_reflection_x64.ps1"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475908/; classtype:trojan-activity;sid:84339008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475909)"; flow:established,from_client; content:"GET"; http_method; content:"/decryhelp.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475909/; classtype:trojan-activity;sid:84339009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475910)"; flow:established,from_client; content:"GET"; http_method; content:"/443_2003_x64.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475910/; classtype:trojan-activity;sid:84339010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475911)"; flow:established,from_client; content:"GET"; http_method; content:"/msfnonstaged.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475911/; classtype:trojan-activity;sid:84339011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475912)"; flow:established,from_client; content:"GET"; http_method; content:"/consoleapp3.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475912/; classtype:trojan-activity;sid:84339012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475913)"; flow:established,from_client; content:"GET"; http_method; content:"/443_2003_x64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475913/; classtype:trojan-activity;sid:84339013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475914)"; flow:established,from_client; content:"GET"; http_method; content:"/443_2003_reflection_x86.ps1"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475914/; classtype:trojan-activity;sid:84339014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475900)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475900/; classtype:trojan-activity;sid:84339000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475901)"; flow:established,from_client; content:"GET"; http_method; content:"/invoke-reflectivepeinjection.ps1"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475901/; classtype:trojan-activity;sid:84339001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475902)"; flow:established,from_client; content:"GET"; http_method; content:"/lapstoolkit.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475902/; classtype:trojan-activity;sid:84339002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475903)"; flow:established,from_client; content:"GET"; http_method; content:"/shell_tcp_2003_x64.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475903/; classtype:trojan-activity;sid:84339003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475904)"; flow:established,from_client; content:"GET"; http_method; content:"/443_2003_x64.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475904/; classtype:trojan-activity;sid:84339004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475905)"; flow:established,from_client; content:"GET"; http_method; content:"/staged.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475905/; classtype:trojan-activity;sid:84339005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475906)"; flow:established,from_client; content:"GET"; http_method; content:"/443_2003_x86.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475906/; classtype:trojan-activity;sid:84339006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475907)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.dll"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475907/; classtype:trojan-activity;sid:84339007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475899)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475899/; classtype:trojan-activity;sid:84338999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475897)"; flow:established,from_client; content:"GET"; http_method; content:"/aksoo7/solbf/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475897/; classtype:trojan-activity;sid:84338997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475898)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagoferlacamini/arte/releases/download/v2.0/release_x64.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475898/; classtype:trojan-activity;sid:84338998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475893)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/rsc/rc/efs.hta"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"23.95.235.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475893/; classtype:trojan-activity;sid:84338993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475894)"; flow:established,from_client; content:"GET"; http_method; content:"/farizalsalman21/keon/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475894/; classtype:trojan-activity;sid:84338994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.61.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475895/; classtype:trojan-activity;sid:84338995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475896)"; flow:established,from_client; content:"GET"; http_method; content:"/iqquxd/futzin-online/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475896/; classtype:trojan-activity;sid:84338996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475892)"; flow:established,from_client; content:"GET"; http_method; content:"/443_2003_payload_local.ps1"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475892/; classtype:trojan-activity;sid:84338992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475885)"; flow:established,from_client; content:"GET"; http_method; content:"/443_2003_https-df.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475885/; classtype:trojan-activity;sid:84338985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475886)"; flow:established,from_client; content:"GET"; http_method; content:"/443_2003_psh_x86.ps1"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475886/; classtype:trojan-activity;sid:84338986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475887)"; flow:established,from_client; content:"GET"; http_method; content:"/443_2003.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475887/; classtype:trojan-activity;sid:84338987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475888)"; flow:established,from_client; content:"GET"; http_method; content:"/443_2003.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475888/; classtype:trojan-activity;sid:84338988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475889)"; flow:established,from_client; content:"GET"; http_method; content:"/443_2001.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475889/; classtype:trojan-activity;sid:84338989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475890)"; flow:established,from_client; content:"GET"; http_method; content:"/443_2003_psh_x64.ps1"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475890/; classtype:trojan-activity;sid:84338990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475891)"; flow:established,from_client; content:"GET"; http_method; content:"/443.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"43.138.15.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475891/; classtype:trojan-activity;sid:84338991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.216.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475884/; classtype:trojan-activity;sid:84338984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.225.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475883/; classtype:trojan-activity;sid:84338983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.14.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475882/; classtype:trojan-activity;sid:84338982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.148.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475881/; classtype:trojan-activity;sid:84338981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.121.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475880/; classtype:trojan-activity;sid:84338980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475879/; classtype:trojan-activity;sid:84338979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.166.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475878/; classtype:trojan-activity;sid:84338978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.155.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475877/; classtype:trojan-activity;sid:84338977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.148.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475876/; classtype:trojan-activity;sid:84338976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.182.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475875/; classtype:trojan-activity;sid:84338975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.14.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475874/; classtype:trojan-activity;sid:84338974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.216.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475873/; classtype:trojan-activity;sid:84338973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.51.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475872/; classtype:trojan-activity;sid:84338972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.175.181.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475871/; classtype:trojan-activity;sid:84338971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.166.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475869/; classtype:trojan-activity;sid:84338969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.121.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475870/; classtype:trojan-activity;sid:84338970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475868)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.26.224.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475868/; classtype:trojan-activity;sid:84338968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.78.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475867/; classtype:trojan-activity;sid:84338967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475866)"; flow:established,from_client; content:"GET"; http_method; content:"/h1bkv8cq24.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.upheldundermost.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475866/; classtype:trojan-activity;sid:84338966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.225.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475865/; classtype:trojan-activity;sid:84338965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475864)"; flow:established,from_client; content:"GET"; http_method; content:"/nimips|3f|ddos"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475864/; classtype:trojan-activity;sid:84338964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.12.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475863/; classtype:trojan-activity;sid:84338963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.147.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475862/; classtype:trojan-activity;sid:84338962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.83.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475861/; classtype:trojan-activity;sid:84338961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.12.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475860/; classtype:trojan-activity;sid:84338960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475851/; classtype:trojan-activity;sid:84338951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.34.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475852/; classtype:trojan-activity;sid:84338952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.115.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475853/; classtype:trojan-activity;sid:84338953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.116.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475854/; classtype:trojan-activity;sid:84338954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.234.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475855/; classtype:trojan-activity;sid:84338955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.26.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475856/; classtype:trojan-activity;sid:84338956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475857/; classtype:trojan-activity;sid:84338957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.207.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475858/; classtype:trojan-activity;sid:84338958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.148.59.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475859/; classtype:trojan-activity;sid:84338959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.52.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475850/; classtype:trojan-activity;sid:84338950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.211.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475849/; classtype:trojan-activity;sid:84338949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.27.137.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475848/; classtype:trojan-activity;sid:84338948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.196.112.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475846/; classtype:trojan-activity;sid:84338946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.50.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475847/; classtype:trojan-activity;sid:84338947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.164.176.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475845/; classtype:trojan-activity;sid:84338945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.147.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475844/; classtype:trojan-activity;sid:84338944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475843/; classtype:trojan-activity;sid:84338943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.255.44.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475842/; classtype:trojan-activity;sid:84338942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.162.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475841/; classtype:trojan-activity;sid:84338941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475840)"; flow:established,from_client; content:"GET"; http_method; content:"/y3ca171p0u.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.upheldundermost.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475840/; classtype:trojan-activity;sid:84338940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475838/; classtype:trojan-activity;sid:84338938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.227.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475839/; classtype:trojan-activity;sid:84338939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.195.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475837/; classtype:trojan-activity;sid:84338937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.152.9.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475835/; classtype:trojan-activity;sid:84338935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.227.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475836/; classtype:trojan-activity;sid:84338936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.26.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475834/; classtype:trojan-activity;sid:84338934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.247.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475833/; classtype:trojan-activity;sid:84338933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.177.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475832/; classtype:trojan-activity;sid:84338932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.177.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475830/; classtype:trojan-activity;sid:84338930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.162.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475831/; classtype:trojan-activity;sid:84338931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.83.218.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475829/; classtype:trojan-activity;sid:84338929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.241.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475828/; classtype:trojan-activity;sid:84338928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.137.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475827/; classtype:trojan-activity;sid:84338927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475822)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.144.53.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475822/; classtype:trojan-activity;sid:84338922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475823)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.144.53.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475823/; classtype:trojan-activity;sid:84338923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475824)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.144.53.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475824/; classtype:trojan-activity;sid:84338924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475825)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.144.53.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475825/; classtype:trojan-activity;sid:84338925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475826)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.144.53.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475826/; classtype:trojan-activity;sid:84338926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475821/; classtype:trojan-activity;sid:84338921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475816)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.144.53.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475816/; classtype:trojan-activity;sid:84338916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475817)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.144.53.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475817/; classtype:trojan-activity;sid:84338917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475818)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.144.53.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475818/; classtype:trojan-activity;sid:84338918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475819)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.144.53.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475819/; classtype:trojan-activity;sid:84338919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475820)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.144.53.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475820/; classtype:trojan-activity;sid:84338920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.247.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475815/; classtype:trojan-activity;sid:84338915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.218.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475814/; classtype:trojan-activity;sid:84338914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.8.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475813/; classtype:trojan-activity;sid:84338913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.208.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475812/; classtype:trojan-activity;sid:84338912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.26.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475811/; classtype:trojan-activity;sid:84338911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.177.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475810/; classtype:trojan-activity;sid:84338910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.208.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475809/; classtype:trojan-activity;sid:84338909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475808/; classtype:trojan-activity;sid:84338908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.229.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475807/; classtype:trojan-activity;sid:84338907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.8.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475806/; classtype:trojan-activity;sid:84338906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475805)"; flow:established,from_client; content:"GET"; http_method; content:"/zvgmfms6cg.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475805/; classtype:trojan-activity;sid:84338905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.241.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475804/; classtype:trojan-activity;sid:84338904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.31.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475803/; classtype:trojan-activity;sid:84338903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.137.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475802/; classtype:trojan-activity;sid:84338902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.241.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475801/; classtype:trojan-activity;sid:84338901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.184.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475800/; classtype:trojan-activity;sid:84338900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.67.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475799/; classtype:trojan-activity;sid:84338899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.58.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475798/; classtype:trojan-activity;sid:84338898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.162.72.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475797/; classtype:trojan-activity;sid:84338897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.4.41"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475796/; classtype:trojan-activity;sid:84338896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.177.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475794/; classtype:trojan-activity;sid:84338894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.122.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475795/; classtype:trojan-activity;sid:84338895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475793)"; flow:established,from_client; content:"GET"; http_method; content:"/voom.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nissan-signature-rs-noise.trycloudflare.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475793/; classtype:trojan-activity;sid:84338893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475792)"; flow:established,from_client; content:"GET"; http_method; content:"/de/de-10192.pdf.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"typically-nut-personalized-syndication.trycloudflare.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475792/; classtype:trojan-activity;sid:84338892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475790)"; flow:established,from_client; content:"GET"; http_method; content:"/xo.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"typically-nut-personalized-syndication.trycloudflare.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475790/; classtype:trojan-activity;sid:84338890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475791)"; flow:established,from_client; content:"GET"; http_method; content:"/coi.wsf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"typically-nut-personalized-syndication.trycloudflare.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475791/; classtype:trojan-activity;sid:84338891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.96.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475789/; classtype:trojan-activity;sid:84338889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.31.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475788/; classtype:trojan-activity;sid:84338888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.46.130.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475787/; classtype:trojan-activity;sid:84338887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.176.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475786/; classtype:trojan-activity;sid:84338886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.122.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475785/; classtype:trojan-activity;sid:84338885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.5.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475784/; classtype:trojan-activity;sid:84338884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.4.41"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475783/; classtype:trojan-activity;sid:84338883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.153.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475782/; classtype:trojan-activity;sid:84338882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.5.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475780/; classtype:trojan-activity;sid:84338880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475781)"; flow:established,from_client; content:"GET"; http_method; content:"/hzsz3pgsmd.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475781/; classtype:trojan-activity;sid:84338881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.177.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475779/; classtype:trojan-activity;sid:84338879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.17.31.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475778/; classtype:trojan-activity;sid:84338878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.32.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475777/; classtype:trojan-activity;sid:84338877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475776)"; flow:established,from_client; content:"GET"; http_method; content:"/vmf38yd285.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475776/; classtype:trojan-activity;sid:84338876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.86.160.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475775/; classtype:trojan-activity;sid:84338875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.103.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475774/; classtype:trojan-activity;sid:84338874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.153.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475773/; classtype:trojan-activity;sid:84338873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.17.31.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475772/; classtype:trojan-activity;sid:84338872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475770)"; flow:established,from_client; content:"GET"; http_method; content:"/48obo84q9v.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475770/; classtype:trojan-activity;sid:84338870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.255.46.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475771/; classtype:trojan-activity;sid:84338871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475769)"; flow:established,from_client; content:"GET"; http_method; content:"/x.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"92.255.57.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475769/; classtype:trojan-activity;sid:84338869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.250.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475768/; classtype:trojan-activity;sid:84338868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.0.216.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475767/; classtype:trojan-activity;sid:84338867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475765/; classtype:trojan-activity;sid:84338865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.81.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475766/; classtype:trojan-activity;sid:84338866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.139.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475764/; classtype:trojan-activity;sid:84338864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.166.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475762/; classtype:trojan-activity;sid:84338862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.26.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475763/; classtype:trojan-activity;sid:84338863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.103.134.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475761/; classtype:trojan-activity;sid:84338861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.94.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475760/; classtype:trojan-activity;sid:84338860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475759/; classtype:trojan-activity;sid:84338859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.69.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475758/; classtype:trojan-activity;sid:84338858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.226.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475757/; classtype:trojan-activity;sid:84338857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.93.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475756/; classtype:trojan-activity;sid:84338856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475755)"; flow:established,from_client; content:"GET"; http_method; content:"/f7sjdjf2w1/payload/fickle/payload.ps1"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"eatertoken.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475755/; classtype:trojan-activity;sid:84338855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475753)"; flow:established,from_client; content:"GET"; http_method; content:"/f7sjdjf2w1/payload/builds/brave.ps1"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"eatertoken.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475753/; classtype:trojan-activity;sid:84338853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.46.130.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475754/; classtype:trojan-activity;sid:84338854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475752)"; flow:established,from_client; content:"GET"; http_method; content:"/4175g01ios.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475752/; classtype:trojan-activity;sid:84338852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.247.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475751/; classtype:trojan-activity;sid:84338851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.81.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475750/; classtype:trojan-activity;sid:84338850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.30.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475749/; classtype:trojan-activity;sid:84338849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.91.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475748/; classtype:trojan-activity;sid:84338848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.103.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475747/; classtype:trojan-activity;sid:84338847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.102.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475746/; classtype:trojan-activity;sid:84338846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.96.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475745/; classtype:trojan-activity;sid:84338845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475744)"; flow:established,from_client; content:"GET"; http_method; content:"/teplmnj5yh.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475744/; classtype:trojan-activity;sid:84338844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.86.160.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475743/; classtype:trojan-activity;sid:84338843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.81.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475742/; classtype:trojan-activity;sid:84338842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.42.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475741/; classtype:trojan-activity;sid:84338841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.247.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475740/; classtype:trojan-activity;sid:84338840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475739)"; flow:established,from_client; content:"GET"; http_method; content:"/9d50vpuwy9.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475739/; classtype:trojan-activity;sid:84338839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.249.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475738/; classtype:trojan-activity;sid:84338838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.96.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475737/; classtype:trojan-activity;sid:84338837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475736)"; flow:established,from_client; content:"GET"; http_method; content:"/v9yg0p3dl6.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475736/; classtype:trojan-activity;sid:84338836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.133.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475735/; classtype:trojan-activity;sid:84338835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.143.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475734/; classtype:trojan-activity;sid:84338834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475733/; classtype:trojan-activity;sid:84338833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.30.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475732/; classtype:trojan-activity;sid:84338832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475731)"; flow:established,from_client; content:"GET"; http_method; content:"/rvq1dv90hm.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475731/; classtype:trojan-activity;sid:84338831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.190.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475730/; classtype:trojan-activity;sid:84338830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475729/; classtype:trojan-activity;sid:84338829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475728)"; flow:established,from_client; content:"GET"; http_method; content:"/750/newworldbestsupportingthings.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"104.168.7.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475728/; classtype:trojan-activity;sid:84338828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475727)"; flow:established,from_client; content:"GET"; http_method; content:"/750/newworldbestsupportingthings.png"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"104.168.7.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475727/; classtype:trojan-activity;sid:84338827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.76.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475726/; classtype:trojan-activity;sid:84338826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.26.131"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475725/; classtype:trojan-activity;sid:84338825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475724)"; flow:established,from_client; content:"GET"; http_method; content:"/zgsjwtp2pl.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475724/; classtype:trojan-activity;sid:84338824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.227.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475723/; classtype:trojan-activity;sid:84338823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475721/; classtype:trojan-activity;sid:84338821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.14.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475722/; classtype:trojan-activity;sid:84338822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475720/; classtype:trojan-activity;sid:84338820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.143.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475719/; classtype:trojan-activity;sid:84338819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.9.63"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475718/; classtype:trojan-activity;sid:84338818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.99.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475717/; classtype:trojan-activity;sid:84338817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.51.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475716/; classtype:trojan-activity;sid:84338816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475715)"; flow:established,from_client; content:"GET"; http_method; content:"/880/eswa/verysurethingsonherewithgreatthings.hta"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"172.245.191.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475715/; classtype:trojan-activity;sid:84338815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475714)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/ugccs/yougetgoodthingswithbestadvantageforthis.hta"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"23.95.235.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475714/; classtype:trojan-activity;sid:84338814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.15.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475713/; classtype:trojan-activity;sid:84338813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475712)"; flow:established,from_client; content:"GET"; http_method; content:"/750/eros/newworldbestsupportingthings.hta"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"104.168.7.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475712/; classtype:trojan-activity;sid:84338812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475711)"; flow:established,from_client; content:"GET"; http_method; content:"/jonobatric2.1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"combo.s3.eu-north-1.amazonaws.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475711/; classtype:trojan-activity;sid:84338811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.82.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475710/; classtype:trojan-activity;sid:84338810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475708/; classtype:trojan-activity;sid:84338808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.197.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475709/; classtype:trojan-activity;sid:84338809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.59.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475707/; classtype:trojan-activity;sid:84338807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475706)"; flow:established,from_client; content:"GET"; http_method; content:"/bpl3ty1rrv.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475706/; classtype:trojan-activity;sid:84338806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475705)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.pajyg.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475705/; classtype:trojan-activity;sid:84338805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.83.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475704/; classtype:trojan-activity;sid:84338804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.97.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475703/; classtype:trojan-activity;sid:84338803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.99.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475702/; classtype:trojan-activity;sid:84338802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.133.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475701/; classtype:trojan-activity;sid:84338801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475700)"; flow:established,from_client; content:"GET"; http_method; content:"/zaoy43uuat.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475700/; classtype:trojan-activity;sid:84338800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.15.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475699/; classtype:trojan-activity;sid:84338799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.30.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475698/; classtype:trojan-activity;sid:84338798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475697/; classtype:trojan-activity;sid:84338797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.9.250"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475696/; classtype:trojan-activity;sid:84338796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.163.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475695/; classtype:trojan-activity;sid:84338795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.248.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475694/; classtype:trojan-activity;sid:84338794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.82.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475693/; classtype:trojan-activity;sid:84338793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.118.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475692/; classtype:trojan-activity;sid:84338792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475690)"; flow:established,from_client; content:"GET"; http_method; content:"/reader/readerupdate2.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.93.20.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475690/; classtype:trojan-activity;sid:84338790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475691)"; flow:established,from_client; content:"GET"; http_method; content:"/688/pleasemakebestthingsentiretimetogivebestof.txt"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"104.168.7.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475691/; classtype:trojan-activity;sid:84338791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.197.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475688/; classtype:trojan-activity;sid:84338788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475689)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/sv/encryption01.jpg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"104.168.7.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475689/; classtype:trojan-activity;sid:84338789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475687)"; flow:established,from_client; content:"GET"; http_method; content:"/688/pleasemakebestthingsentiretimetogivebest.png"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"104.168.7.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475687/; classtype:trojan-activity;sid:84338787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475686)"; flow:established,from_client; content:"GET"; http_method; content:"/p6.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"greenindustry.pl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475686/; classtype:trojan-activity;sid:84338786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475685)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"roomsverif9399.world"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475685/; classtype:trojan-activity;sid:84338785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475682)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.24.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475682/; classtype:trojan-activity;sid:84338782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475683)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.24.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475683/; classtype:trojan-activity;sid:84338783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475684)"; flow:established,from_client; content:"GET"; http_method; content:"/311/cssos.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.174.231.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475684/; classtype:trojan-activity;sid:84338784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475678)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.24.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475678/; classtype:trojan-activity;sid:84338778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475679)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.24.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475679/; classtype:trojan-activity;sid:84338779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475680)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.24.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475680/; classtype:trojan-activity;sid:84338780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475681)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.24.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475681/; classtype:trojan-activity;sid:84338781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475673)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.24.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475673/; classtype:trojan-activity;sid:84338773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475674)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.24.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475674/; classtype:trojan-activity;sid:84338774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475675)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"84.200.24.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475675/; classtype:trojan-activity;sid:84338775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475676)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.24.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475676/; classtype:trojan-activity;sid:84338776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475677)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.24.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475677/; classtype:trojan-activity;sid:84338777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475672)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.cudol.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475672/; classtype:trojan-activity;sid:84338772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475671)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.24.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475671/; classtype:trojan-activity;sid:84338771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475668)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.24.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475668/; classtype:trojan-activity;sid:84338768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475669)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.200.24.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475669/; classtype:trojan-activity;sid:84338769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475670)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"84.200.24.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475670/; classtype:trojan-activity;sid:84338770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475667)"; flow:established,from_client; content:"GET"; http_method; content:"/54/csrss.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.227.228.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475667/; classtype:trojan-activity;sid:84338767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475666)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/fmco/goodnicepersonneedyourverywell.txt"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"172.245.123.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475666/; classtype:trojan-activity;sid:84338766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475665)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/fmco/goodnicepersonneedyourverywell.png"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"172.245.123.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475665/; classtype:trojan-activity;sid:84338765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475664)"; flow:established,from_client; content:"GET"; http_method; content:"/api/file/get|3f|filekey=zrktno-_dmwgm0oonsr97jakdruqbicveg2lmuclzuon2zavkqsqg0nqchslt4a|7c|26|7c|pk_vid=342803d1cc4e3b801741606974b78eb1"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"1019.filemail.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475664/; classtype:trojan-activity;sid:84338764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475663)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kscc/verynicepersonwalkingentireplacesgoodformegreat.png"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.168.7.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475663/; classtype:trojan-activity;sid:84338763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475662)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kscc/verynicepersonwalkingentireplacesgoodformegreat.txt"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"104.168.7.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475662/; classtype:trojan-activity;sid:84338762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.190.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475661/; classtype:trojan-activity;sid:84338761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475660)"; flow:established,from_client; content:"GET"; http_method; content:"/hp1etpsppl.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475660/; classtype:trojan-activity;sid:84338760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.10.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475659/; classtype:trojan-activity;sid:84338759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475658/; classtype:trojan-activity;sid:84338758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.83.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475657/; classtype:trojan-activity;sid:84338757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475656)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475656/; classtype:trojan-activity;sid:84338756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475654)"; flow:established,from_client; content:"GET"; http_method; content:"/frogdogg/fixing-error-0x8015dc12/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475654/; classtype:trojan-activity;sid:84338754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475655)"; flow:established,from_client; content:"GET"; http_method; content:"/pritamdash143/art-expo/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475655/; classtype:trojan-activity;sid:84338755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475652)"; flow:established,from_client; content:"GET"; http_method; content:"/zidanqawy/peminjaman-buku/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475652/; classtype:trojan-activity;sid:84338752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475653)"; flow:established,from_client; content:"GET"; http_method; content:"/narfor502/cucumberbddframework/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475653/; classtype:trojan-activity;sid:84338753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475642)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475642/; classtype:trojan-activity;sid:84338742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475643)"; flow:established,from_client; content:"GET"; http_method; content:"/itsuzerz/evon-executor/releases/download/v2.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475643/; classtype:trojan-activity;sid:84338743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475644)"; flow:established,from_client; content:"GET"; http_method; content:"/phamtaino/fixing-error-0x80004005-unspecified/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475644/; classtype:trojan-activity;sid:84338744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475645)"; flow:established,from_client; content:"GET"; http_method; content:"/attorneywenn/pragati_backend_2025/releases/download/v2.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475645/; classtype:trojan-activity;sid:84338745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475646)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/program.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475646/; classtype:trojan-activity;sid:84338746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475647)"; flow:established,from_client; content:"GET"; http_method; content:"/andreh219/freeflux/releases/download/v2.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475647/; classtype:trojan-activity;sid:84338747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475648)"; flow:established,from_client; content:"GET"; http_method; content:"/matthew-url/zwhax-valorant-cheat-esp-aimbot-source/releases/download/v2.0/application.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475648/; classtype:trojan-activity;sid:84338748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475649)"; flow:established,from_client; content:"GET"; http_method; content:"/monishkoushalbusani/rust-hack-fr33/releases/download/v2.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475649/; classtype:trojan-activity;sid:84338749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475650)"; flow:established,from_client; content:"GET"; http_method; content:"/noob123-art/hamster-clicker/releases/download/v3.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475650/; classtype:trojan-activity;sid:84338750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475651)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_selinux/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475651/; classtype:trojan-activity;sid:84338751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475624)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/amog-os-lts/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475624/; classtype:trojan-activity;sid:84338724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475625)"; flow:established,from_client; content:"GET"; http_method; content:"/7777suprim/expo-rsc-movies/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475625/; classtype:trojan-activity;sid:84338725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475626)"; flow:established,from_client; content:"GET"; http_method; content:"/progamer912-commits/dayz-cheat-h4ck-a1mb0t/releases/download/v2.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475626/; classtype:trojan-activity;sid:84338726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475627)"; flow:established,from_client; content:"GET"; http_method; content:"/msaad453/nexus-roblox/releases/download/v2.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475627/; classtype:trojan-activity;sid:84338727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475628)"; flow:established,from_client; content:"GET"; http_method; content:"/superoidaa/fixing-error-0x803f8001/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475628/; classtype:trojan-activity;sid:84338728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475629)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v3.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475629/; classtype:trojan-activity;sid:84338729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475630)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475630/; classtype:trojan-activity;sid:84338730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475631)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475631/; classtype:trojan-activity;sid:84338731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475632)"; flow:established,from_client; content:"GET"; http_method; content:"/nikke6728/towerdefensegame/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475632/; classtype:trojan-activity;sid:84338732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475633)"; flow:established,from_client; content:"GET"; http_method; content:"/zentosph/aplikasi-sekolah/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475633/; classtype:trojan-activity;sid:84338733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475634)"; flow:established,from_client; content:"GET"; http_method; content:"/trey89878668/dagger/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475634/; classtype:trojan-activity;sid:84338734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475635)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/realtime-chat-app/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475635/; classtype:trojan-activity;sid:84338735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475636)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v3.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475636/; classtype:trojan-activity;sid:84338736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475637)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/fixing-error-0x80070005-access-denied/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475637/; classtype:trojan-activity;sid:84338737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475638)"; flow:established,from_client; content:"GET"; http_method; content:"/baomeomeo/speech/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475638/; classtype:trojan-activity;sid:84338738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475639)"; flow:established,from_client; content:"GET"; http_method; content:"/toanminh2004/fixing-error-0x80070424-specified-service/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475639/; classtype:trojan-activity;sid:84338739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475640)"; flow:established,from_client; content:"GET"; http_method; content:"/chrisgod/projectzomboidmodmenu/releases/download/v2.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475640/; classtype:trojan-activity;sid:84338740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475641)"; flow:established,from_client; content:"GET"; http_method; content:"/ggggddjh/fixing-error-0xc0000142/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475641/; classtype:trojan-activity;sid:84338741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475614)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/youtube_playlist_downloader/releases/download/v2.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475614/; classtype:trojan-activity;sid:84338714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475615)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475615/; classtype:trojan-activity;sid:84338715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475616)"; flow:established,from_client; content:"GET"; http_method; content:"/hteregr/roblox-krampus/releases/download/v3.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475616/; classtype:trojan-activity;sid:84338716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475617)"; flow:established,from_client; content:"GET"; http_method; content:"/2unnbeats/arceus-executor/releases/download/v2.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475617/; classtype:trojan-activity;sid:84338717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475618)"; flow:established,from_client; content:"GET"; http_method; content:"/luis4325234/al-photoshop-2024/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475618/; classtype:trojan-activity;sid:84338718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475619)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/yusupbot1/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475619/; classtype:trojan-activity;sid:84338719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475620)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/bananan-shooter-hack-interna-/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475620/; classtype:trojan-activity;sid:84338720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475621)"; flow:established,from_client; content:"GET"; http_method; content:"/godsetup/aspx-gh0st-executor/releases/download/v2.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475621/; classtype:trojan-activity;sid:84338721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475622)"; flow:established,from_client; content:"GET"; http_method; content:"/vksoz/scriptware-executer/releases/download/v3.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475622/; classtype:trojan-activity;sid:84338722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475623)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475623/; classtype:trojan-activity;sid:84338723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475612)"; flow:established,from_client; content:"GET"; http_method; content:"/lucciro/venomcontrol-rat-crack-source/releases/download/v2.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475612/; classtype:trojan-activity;sid:84338712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475613)"; flow:established,from_client; content:"GET"; http_method; content:"/itzidkmoment/flutter_flower_clone_app/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475613/; classtype:trojan-activity;sid:84338713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475609)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.134.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475609/; classtype:trojan-activity;sid:84338709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475610)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.134.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475610/; classtype:trojan-activity;sid:84338710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475611)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.134.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475611/; classtype:trojan-activity;sid:84338711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475608)"; flow:established,from_client; content:"GET"; http_method; content:"/ytbnuka/fixing-error-0x80070570/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475608/; classtype:trojan-activity;sid:84338708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475607)"; flow:established,from_client; content:"GET"; http_method; content:"/mazahaka2002/venomcontrol-rat-crack-source/releases/download/download/loader.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475607/; classtype:trojan-activity;sid:84338707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475606)"; flow:established,from_client; content:"GET"; http_method; content:"/api/file/get|3f|filekey=zcl4dpxaaz5ohohmqlwwzi0mgwiqnmtaucm5wkgri1bi4eryfpo88ydf|7c|26|7c|pk_vid=fa66b8373d47139e17418153110d1472"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"3003.filemail.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475606/; classtype:trojan-activity;sid:84338706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.30.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475605/; classtype:trojan-activity;sid:84338705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475592)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"181.41.201.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475592/; classtype:trojan-activity;sid:84338692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475593)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"181.41.201.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475593/; classtype:trojan-activity;sid:84338693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475594)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.134.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475594/; classtype:trojan-activity;sid:84338694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475595)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.134.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475595/; classtype:trojan-activity;sid:84338695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475596)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.134.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475596/; classtype:trojan-activity;sid:84338696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475597)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.134.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475597/; classtype:trojan-activity;sid:84338697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475598)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.134.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475598/; classtype:trojan-activity;sid:84338698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475599)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.134.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475599/; classtype:trojan-activity;sid:84338699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475600)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.134.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475600/; classtype:trojan-activity;sid:84338700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475601)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.134.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475601/; classtype:trojan-activity;sid:84338701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475602)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.134.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475602/; classtype:trojan-activity;sid:84338702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475603)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/apidocs.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.134.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475603/; classtype:trojan-activity;sid:84338703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475604)"; flow:established,from_client; content:"GET"; http_method; content:"/akusayudodograu/agentic-rag-story-generation-with-multimodal-genai/releases/download/v2.0/software.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475604/; classtype:trojan-activity;sid:84338704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475589)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.134.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475589/; classtype:trojan-activity;sid:84338689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475590)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.134.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475590/; classtype:trojan-activity;sid:84338690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475591)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.134.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475591/; classtype:trojan-activity;sid:84338691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475588)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"181.41.201.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475588/; classtype:trojan-activity;sid:84338688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475587)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"181.41.201.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475587/; classtype:trojan-activity;sid:84338687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475584)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"181.41.201.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475584/; classtype:trojan-activity;sid:84338684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475585)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"181.41.201.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475585/; classtype:trojan-activity;sid:84338685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475586)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"181.41.201.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475586/; classtype:trojan-activity;sid:84338686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475579)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"181.41.201.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475579/; classtype:trojan-activity;sid:84338679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475580)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"181.41.201.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475580/; classtype:trojan-activity;sid:84338680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475581)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"181.41.201.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475581/; classtype:trojan-activity;sid:84338681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.232.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475582/; classtype:trojan-activity;sid:84338682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475583)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"181.41.201.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475583/; classtype:trojan-activity;sid:84338683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475575)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"181.41.201.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475575/; classtype:trojan-activity;sid:84338675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475576)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"181.41.201.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475576/; classtype:trojan-activity;sid:84338676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475577)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"181.41.201.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475577/; classtype:trojan-activity;sid:84338677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475578)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"181.41.201.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475578/; classtype:trojan-activity;sid:84338678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.9.250"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475574/; classtype:trojan-activity;sid:84338674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475573)"; flow:established,from_client; content:"GET"; http_method; content:"/qny0hi9yk4.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475573/; classtype:trojan-activity;sid:84338673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.59.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475572/; classtype:trojan-activity;sid:84338672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.97.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475571/; classtype:trojan-activity;sid:84338671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.27.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475570/; classtype:trojan-activity;sid:84338670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.149.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475569/; classtype:trojan-activity;sid:84338669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475568/; classtype:trojan-activity;sid:84338668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475567)"; flow:established,from_client; content:"GET"; http_method; content:"/461j5yuwt9.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475567/; classtype:trojan-activity;sid:84338667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.180.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475566/; classtype:trojan-activity;sid:84338666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.180.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475565/; classtype:trojan-activity;sid:84338665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.128.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475564/; classtype:trojan-activity;sid:84338664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.214.156.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475563/; classtype:trojan-activity;sid:84338663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475562)"; flow:established,from_client; content:"GET"; http_method; content:"/u43eltquck.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475562/; classtype:trojan-activity;sid:84338662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.9.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475561/; classtype:trojan-activity;sid:84338661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.148.58.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475559/; classtype:trojan-activity;sid:84338659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.66.164.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475560/; classtype:trojan-activity;sid:84338660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.180.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475557/; classtype:trojan-activity;sid:84338657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475558/; classtype:trojan-activity;sid:84338658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475556/; classtype:trojan-activity;sid:84338656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.170.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475555/; classtype:trojan-activity;sid:84338655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.78.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475554/; classtype:trojan-activity;sid:84338654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.37.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475552/; classtype:trojan-activity;sid:84338652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.228.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475553/; classtype:trojan-activity;sid:84338653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.15.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475550/; classtype:trojan-activity;sid:84338650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.149.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475551/; classtype:trojan-activity;sid:84338651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.160.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475549/; classtype:trojan-activity;sid:84338649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.245.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475548/; classtype:trojan-activity;sid:84338648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475547)"; flow:established,from_client; content:"GET"; http_method; content:"/wn7e2n3cx9.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475547/; classtype:trojan-activity;sid:84338647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475546/; classtype:trojan-activity;sid:84338646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.156.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475545/; classtype:trojan-activity;sid:84338645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.61.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475544/; classtype:trojan-activity;sid:84338644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475543)"; flow:established,from_client; content:"GET"; http_method; content:"/ltit0wfp18.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475543/; classtype:trojan-activity;sid:84338643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.160.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475542/; classtype:trojan-activity;sid:84338642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.170.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475541/; classtype:trojan-activity;sid:84338641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.245.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475540/; classtype:trojan-activity;sid:84338640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.2.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475539/; classtype:trojan-activity;sid:84338639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.15.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475538/; classtype:trojan-activity;sid:84338638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.225.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475537/; classtype:trojan-activity;sid:84338637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.16.164.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475536/; classtype:trojan-activity;sid:84338636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.37.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475535/; classtype:trojan-activity;sid:84338635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475534)"; flow:established,from_client; content:"GET"; http_method; content:"/x1zx27lubv.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475534/; classtype:trojan-activity;sid:84338634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.156.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475533/; classtype:trojan-activity;sid:84338633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.185.35.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475532/; classtype:trojan-activity;sid:84338632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.93.47.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475531/; classtype:trojan-activity;sid:84338631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.16.164.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475530/; classtype:trojan-activity;sid:84338630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475529)"; flow:established,from_client; content:"GET"; http_method; content:"/7h7a4tmdya.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475529/; classtype:trojan-activity;sid:84338629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.21.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475528/; classtype:trojan-activity;sid:84338628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.231.106.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475527/; classtype:trojan-activity;sid:84338627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.61.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475526/; classtype:trojan-activity;sid:84338626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.181.225.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475525/; classtype:trojan-activity;sid:84338625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.29.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475524/; classtype:trojan-activity;sid:84338624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.168.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475523/; classtype:trojan-activity;sid:84338623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.156.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475522/; classtype:trojan-activity;sid:84338622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.35.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475521/; classtype:trojan-activity;sid:84338621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475520)"; flow:established,from_client; content:"GET"; http_method; content:"/6ybbsstrhd.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475520/; classtype:trojan-activity;sid:84338620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475519/; classtype:trojan-activity;sid:84338619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.89.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475518/; classtype:trojan-activity;sid:84338618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475517)"; flow:established,from_client; content:"GET"; http_method; content:"/gwqh9648g7.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475517/; classtype:trojan-activity;sid:84338617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.130.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475516/; classtype:trojan-activity;sid:84338616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.237.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475514/; classtype:trojan-activity;sid:84338614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.43.181"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475515/; classtype:trojan-activity;sid:84338615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.238.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475513/; classtype:trojan-activity;sid:84338613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475512)"; flow:established,from_client; content:"GET"; http_method; content:"/9s59acduft.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475512/; classtype:trojan-activity;sid:84338612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.20.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475511/; classtype:trojan-activity;sid:84338611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.89.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475510/; classtype:trojan-activity;sid:84338610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.0.194"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475509/; classtype:trojan-activity;sid:84338609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475508)"; flow:established,from_client; content:"GET"; http_method; content:"/g39hn1rpdt.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475508/; classtype:trojan-activity;sid:84338608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.232.0.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475507/; classtype:trojan-activity;sid:84338607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.139.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475506/; classtype:trojan-activity;sid:84338606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.130.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475505/; classtype:trojan-activity;sid:84338605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.238.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475504/; classtype:trojan-activity;sid:84338604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.237.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475503/; classtype:trojan-activity;sid:84338603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475500)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"84.200.24.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475500/; classtype:trojan-activity;sid:84338600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475501)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.134.39.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475501/; classtype:trojan-activity;sid:84338601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475502)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.41.201.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475502/; classtype:trojan-activity;sid:84338602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.159.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475499/; classtype:trojan-activity;sid:84338599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.29.191"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475498/; classtype:trojan-activity;sid:84338598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.181.225.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475497/; classtype:trojan-activity;sid:84338597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475496)"; flow:established,from_client; content:"GET"; http_method; content:"/10k7y0iqqd.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475496/; classtype:trojan-activity;sid:84338596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.163.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475495/; classtype:trojan-activity;sid:84338595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.93.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475494/; classtype:trojan-activity;sid:84338594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.20.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475493/; classtype:trojan-activity;sid:84338593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.90.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475492/; classtype:trojan-activity;sid:84338592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475491)"; flow:established,from_client; content:"GET"; http_method; content:"/5nqtlbm4vs.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475491/; classtype:trojan-activity;sid:84338591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.56.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475490/; classtype:trojan-activity;sid:84338590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.159.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475489/; classtype:trojan-activity;sid:84338589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.192.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475488/; classtype:trojan-activity;sid:84338588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.163.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475487/; classtype:trojan-activity;sid:84338587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.51.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475485/; classtype:trojan-activity;sid:84338585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475486)"; flow:established,from_client; content:"GET"; http_method; content:"/1w22a9m76f.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475486/; classtype:trojan-activity;sid:84338586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.172.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475484/; classtype:trojan-activity;sid:84338584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.171.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475483/; classtype:trojan-activity;sid:84338583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.93.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475482/; classtype:trojan-activity;sid:84338582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.56.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475481/; classtype:trojan-activity;sid:84338581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.90.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475480/; classtype:trojan-activity;sid:84338580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.137.248.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475479/; classtype:trojan-activity;sid:84338579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.235.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475478/; classtype:trojan-activity;sid:84338578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.192.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475477/; classtype:trojan-activity;sid:84338577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475476)"; flow:established,from_client; content:"GET"; http_method; content:"/v0cvnljknp.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475476/; classtype:trojan-activity;sid:84338576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.94.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475475/; classtype:trojan-activity;sid:84338575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.51.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475474/; classtype:trojan-activity;sid:84338574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.166.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475473/; classtype:trojan-activity;sid:84338573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.48.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475472/; classtype:trojan-activity;sid:84338572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.140.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475471/; classtype:trojan-activity;sid:84338571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.166.59.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475464/; classtype:trojan-activity;sid:84338564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.3.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475465/; classtype:trojan-activity;sid:84338565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475466/; classtype:trojan-activity;sid:84338566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.66.166.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475467/; classtype:trojan-activity;sid:84338567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.0.217.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475468/; classtype:trojan-activity;sid:84338568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.44.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475469/; classtype:trojan-activity;sid:84338569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.226.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475470/; classtype:trojan-activity;sid:84338570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.167.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475463/; classtype:trojan-activity;sid:84338563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.230.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475462/; classtype:trojan-activity;sid:84338562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.239.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475461/; classtype:trojan-activity;sid:84338561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.190.102.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475459/; classtype:trojan-activity;sid:84338559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.148.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475460/; classtype:trojan-activity;sid:84338560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.142.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475456/; classtype:trojan-activity;sid:84338556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.181.64.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475457/; classtype:trojan-activity;sid:84338557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475458/; classtype:trojan-activity;sid:84338558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.22.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475455/; classtype:trojan-activity;sid:84338555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.141.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475454/; classtype:trojan-activity;sid:84338554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.172.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475453/; classtype:trojan-activity;sid:84338553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475452)"; flow:established,from_client; content:"GET"; http_method; content:"/6n7xky0faf.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475452/; classtype:trojan-activity;sid:84338552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.33.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475451/; classtype:trojan-activity;sid:84338551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.171.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475450/; classtype:trojan-activity;sid:84338550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.137.248.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475449/; classtype:trojan-activity;sid:84338549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.180.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475448/; classtype:trojan-activity;sid:84338548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.141.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475447/; classtype:trojan-activity;sid:84338547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475446)"; flow:established,from_client; content:"GET"; http_method; content:"/a82kzxfbfo.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475446/; classtype:trojan-activity;sid:84338546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.13.22.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475443/; classtype:trojan-activity;sid:84338543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.13.22.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475444/; classtype:trojan-activity;sid:84338544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.238.3.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475445/; classtype:trojan-activity;sid:84338545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.167.94.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475442/; classtype:trojan-activity;sid:84338542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475440)"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475440/; classtype:trojan-activity;sid:84338540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475441)"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475441/; classtype:trojan-activity;sid:84338541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.70.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475439/; classtype:trojan-activity;sid:84338539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475437)"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475437/; classtype:trojan-activity;sid:84338537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475438)"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475438/; classtype:trojan-activity;sid:84338538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.50.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475434/; classtype:trojan-activity;sid:84338534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475435)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475435/; classtype:trojan-activity;sid:84338535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475436)"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475436/; classtype:trojan-activity;sid:84338536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475432)"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475432/; classtype:trojan-activity;sid:84338532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475433)"; flow:established,from_client; content:"GET"; http_method; content:"/miori.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475433/; classtype:trojan-activity;sid:84338533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475431)"; flow:established,from_client; content:"GET"; http_method; content:"/miori.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475431/; classtype:trojan-activity;sid:84338531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475428)"; flow:established,from_client; content:"GET"; http_method; content:"/miori.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475428/; classtype:trojan-activity;sid:84338528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475429)"; flow:established,from_client; content:"GET"; http_method; content:"/miori.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475429/; classtype:trojan-activity;sid:84338529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475430)"; flow:established,from_client; content:"GET"; http_method; content:"/miori.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475430/; classtype:trojan-activity;sid:84338530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475425)"; flow:established,from_client; content:"GET"; http_method; content:"/miori.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475425/; classtype:trojan-activity;sid:84338525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475426)"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475426/; classtype:trojan-activity;sid:84338526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475427)"; flow:established,from_client; content:"GET"; http_method; content:"/miori.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475427/; classtype:trojan-activity;sid:84338527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.157.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475424/; classtype:trojan-activity;sid:84338524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475423)"; flow:established,from_client; content:"GET"; http_method; content:"/hkri426rhk.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475423/; classtype:trojan-activity;sid:84338523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.38.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475422/; classtype:trojan-activity;sid:84338522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.93.47.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475421/; classtype:trojan-activity;sid:84338521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.73.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475420/; classtype:trojan-activity;sid:84338520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475419)"; flow:established,from_client; content:"GET"; http_method; content:"/8tvziqgwi5.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475419/; classtype:trojan-activity;sid:84338519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.134.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475418/; classtype:trojan-activity;sid:84338518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.101.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475417/; classtype:trojan-activity;sid:84338517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475416)"; flow:established,from_client; content:"GET"; http_method; content:"/wcs7fqh4p0.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475416/; classtype:trojan-activity;sid:84338516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.243.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475415/; classtype:trojan-activity;sid:84338515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.225.107.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475414/; classtype:trojan-activity;sid:84338514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.73.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475413/; classtype:trojan-activity;sid:84338513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.101.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475412/; classtype:trojan-activity;sid:84338512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.36.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475411/; classtype:trojan-activity;sid:84338511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475396)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.mips"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475396/; classtype:trojan-activity;sid:84338496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475397)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atosh4"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475397/; classtype:trojan-activity;sid:84338497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475398)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475398/; classtype:trojan-activity;sid:84338498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475399)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atompsl"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475399/; classtype:trojan-activity;sid:84338499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475400)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.sh4"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475400/; classtype:trojan-activity;sid:84338500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475401)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atom68k"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475401/; classtype:trojan-activity;sid:84338501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475402)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atoarm6"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475402/; classtype:trojan-activity;sid:84338502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475403)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atospc"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475403/; classtype:trojan-activity;sid:84338503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475404)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atox64"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475404/; classtype:trojan-activity;sid:84338504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475405)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atomips"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475405/; classtype:trojan-activity;sid:84338505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475406)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.spc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475406/; classtype:trojan-activity;sid:84338506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475407)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.x86"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475407/; classtype:trojan-activity;sid:84338507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475408)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atoarm"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475408/; classtype:trojan-activity;sid:84338508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475409)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.m68k"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475409/; classtype:trojan-activity;sid:84338509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475410)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.arm6"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475410/; classtype:trojan-activity;sid:84338510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475392)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475392/; classtype:trojan-activity;sid:84338492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475393)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.arm6"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475393/; classtype:trojan-activity;sid:84338493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475394)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.sh4"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475394/; classtype:trojan-activity;sid:84338494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475395)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atoarm6"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475395/; classtype:trojan-activity;sid:84338495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475388)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atoppc"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475388/; classtype:trojan-activity;sid:84338488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475389)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atox86"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475389/; classtype:trojan-activity;sid:84338489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475390)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.ppc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475390/; classtype:trojan-activity;sid:84338490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475391)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.mpsl"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"great-jepsen.141-98-10-50.plesk.page"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475391/; classtype:trojan-activity;sid:84338491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475384)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475384/; classtype:trojan-activity;sid:84338484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475385)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atomips"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475385/; classtype:trojan-activity;sid:84338485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475386)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atox64"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475386/; classtype:trojan-activity;sid:84338486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475387)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atoarm"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475387/; classtype:trojan-activity;sid:84338487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475382)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.m68k"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475382/; classtype:trojan-activity;sid:84338482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475383)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.mips"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475383/; classtype:trojan-activity;sid:84338483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475373)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atoppc"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475373/; classtype:trojan-activity;sid:84338473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475374)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.spc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475374/; classtype:trojan-activity;sid:84338474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475375)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.ppc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475375/; classtype:trojan-activity;sid:84338475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475376)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atompsl"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475376/; classtype:trojan-activity;sid:84338476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475377)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atospc"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475377/; classtype:trojan-activity;sid:84338477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475378)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atom68k"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475378/; classtype:trojan-activity;sid:84338478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475379)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.mpsl"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475379/; classtype:trojan-activity;sid:84338479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475380)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.x86"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475380/; classtype:trojan-activity;sid:84338480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475381)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atox86"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475381/; classtype:trojan-activity;sid:84338481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475372)"; flow:established,from_client; content:"GET"; http_method; content:"/mecatronengage/newage3atosh4"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475372/; classtype:trojan-activity;sid:84338472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.246.74.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475371/; classtype:trojan-activity;sid:84338471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475370)"; flow:established,from_client; content:"GET"; http_method; content:"/vl529o4u4t.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475370/; classtype:trojan-activity;sid:84338470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.216.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475369/; classtype:trojan-activity;sid:84338469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.200.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475368/; classtype:trojan-activity;sid:84338468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.172.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475367/; classtype:trojan-activity;sid:84338467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.135.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475366/; classtype:trojan-activity;sid:84338466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475364)"; flow:established,from_client; content:"GET"; http_method; content:"/u5ajh7j1p5.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475364/; classtype:trojan-activity;sid:84338464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.225.107.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475365/; classtype:trojan-activity;sid:84338465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.152.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475363/; classtype:trojan-activity;sid:84338463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.246.74.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475362/; classtype:trojan-activity;sid:84338462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.36.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475361/; classtype:trojan-activity;sid:84338461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.182.113.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475360/; classtype:trojan-activity;sid:84338460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.239.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475359/; classtype:trojan-activity;sid:84338459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475358)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.hehoi.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475358/; classtype:trojan-activity;sid:84338458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475357/; classtype:trojan-activity;sid:84338457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.162.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475356/; classtype:trojan-activity;sid:84338456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475355/; classtype:trojan-activity;sid:84338455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475354)"; flow:established,from_client; content:"GET"; http_method; content:"/5cyesirfvk.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475354/; classtype:trojan-activity;sid:84338454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.8.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475353/; classtype:trojan-activity;sid:84338453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.51.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475352/; classtype:trojan-activity;sid:84338452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.214.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475351/; classtype:trojan-activity;sid:84338451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.243.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475350/; classtype:trojan-activity;sid:84338450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.50.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475349/; classtype:trojan-activity;sid:84338449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.70.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475348/; classtype:trojan-activity;sid:84338448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475347)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475347/; classtype:trojan-activity;sid:84338447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475342)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c2.crucialnetworks.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475342/; classtype:trojan-activity;sid:84338442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475343)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c2.crucialnetworks.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475343/; classtype:trojan-activity;sid:84338443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475344)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c2.crucialnetworks.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475344/; classtype:trojan-activity;sid:84338444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475345)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"c2.crucialnetworks.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475345/; classtype:trojan-activity;sid:84338445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475346)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"c2.crucialnetworks.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475346/; classtype:trojan-activity;sid:84338446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475340)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"c2.crucialnetworks.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475340/; classtype:trojan-activity;sid:84338440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475341)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"c2.crucialnetworks.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475341/; classtype:trojan-activity;sid:84338441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475334)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"c2.crucialnetworks.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475334/; classtype:trojan-activity;sid:84338434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475335)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"c2.crucialnetworks.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475335/; classtype:trojan-activity;sid:84338435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475336)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c2.crucialnetworks.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475336/; classtype:trojan-activity;sid:84338436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475337)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475337/; classtype:trojan-activity;sid:84338437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475338)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475338/; classtype:trojan-activity;sid:84338438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475339)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"c2.crucialnetworks.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475339/; classtype:trojan-activity;sid:84338439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.86.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475333/; classtype:trojan-activity;sid:84338433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.152.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475332/; classtype:trojan-activity;sid:84338432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.40.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475331/; classtype:trojan-activity;sid:84338431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.214.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475330/; classtype:trojan-activity;sid:84338430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.59.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475328/; classtype:trojan-activity;sid:84338428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.182.113.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475329/; classtype:trojan-activity;sid:84338429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475327)"; flow:established,from_client; content:"GET"; http_method; content:"/tgray31hvy.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475327/; classtype:trojan-activity;sid:84338427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475326)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/files/rotate/rotate.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"www.williamrubano.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475326/; classtype:trojan-activity;sid:84338426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.9.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475325/; classtype:trojan-activity;sid:84338425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.86.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475324/; classtype:trojan-activity;sid:84338424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475323/; classtype:trojan-activity;sid:84338423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.8.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475322/; classtype:trojan-activity;sid:84338422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.51.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475321/; classtype:trojan-activity;sid:84338421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475320)"; flow:established,from_client; content:"GET"; http_method; content:"/g61z1ra1r9.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475320/; classtype:trojan-activity;sid:84338420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475319)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"77.90.153.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475319/; classtype:trojan-activity;sid:84338419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.244.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475318/; classtype:trojan-activity;sid:84338418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.70.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475317/; classtype:trojan-activity;sid:84338417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475316)"; flow:established,from_client; content:"GET"; http_method; content:"/1.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"w.softprojectcode.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475316/; classtype:trojan-activity;sid:84338416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.123.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475315/; classtype:trojan-activity;sid:84338415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.208.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475314/; classtype:trojan-activity;sid:84338414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475313/; classtype:trojan-activity;sid:84338413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475311)"; flow:established,from_client; content:"GET"; http_method; content:"/rsssu5sbet.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475311/; classtype:trojan-activity;sid:84338411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.80.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475312/; classtype:trojan-activity;sid:84338412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475310/; classtype:trojan-activity;sid:84338410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.221.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475309/; classtype:trojan-activity;sid:84338409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.244.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475308/; classtype:trojan-activity;sid:84338408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.208.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475307/; classtype:trojan-activity;sid:84338407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.79.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475306/; classtype:trojan-activity;sid:84338406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475305/; classtype:trojan-activity;sid:84338405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.78.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475304/; classtype:trojan-activity;sid:84338404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475303)"; flow:established,from_client; content:"GET"; http_method; content:"/wbd3vksq3z.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475303/; classtype:trojan-activity;sid:84338403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.40.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475302/; classtype:trojan-activity;sid:84338402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475301/; classtype:trojan-activity;sid:84338401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.252.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475300/; classtype:trojan-activity;sid:84338400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.250.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475299/; classtype:trojan-activity;sid:84338399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.51.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475298/; classtype:trojan-activity;sid:84338398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.1.233"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475297/; classtype:trojan-activity;sid:84338397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.136.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475296/; classtype:trojan-activity;sid:84338396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.162.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475295/; classtype:trojan-activity;sid:84338395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475287/; classtype:trojan-activity;sid:84338387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475288/; classtype:trojan-activity;sid:84338388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475289/; classtype:trojan-activity;sid:84338389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475290/; classtype:trojan-activity;sid:84338390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.6.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475291/; classtype:trojan-activity;sid:84338391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.11.50"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475292/; classtype:trojan-activity;sid:84338392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.147.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475293/; classtype:trojan-activity;sid:84338393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475294/; classtype:trojan-activity;sid:84338394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.12.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475286/; classtype:trojan-activity;sid:84338386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.252.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475285/; classtype:trojan-activity;sid:84338385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.186.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475284/; classtype:trojan-activity;sid:84338384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475283)"; flow:established,from_client; content:"GET"; http_method; content:"/abxzii8sit.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475283/; classtype:trojan-activity;sid:84338383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.240.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475282/; classtype:trojan-activity;sid:84338382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475281/; classtype:trojan-activity;sid:84338381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.162.203.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475280/; classtype:trojan-activity;sid:84338380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475278/; classtype:trojan-activity;sid:84338378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.115.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475279/; classtype:trojan-activity;sid:84338379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.158.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475277/; classtype:trojan-activity;sid:84338377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.120.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475276/; classtype:trojan-activity;sid:84338376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475275)"; flow:established,from_client; content:"GET"; http_method; content:"/pgy9k9gc7m.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475275/; classtype:trojan-activity;sid:84338375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.200.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475274/; classtype:trojan-activity;sid:84338374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.80.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475273/; classtype:trojan-activity;sid:84338373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.118.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475272/; classtype:trojan-activity;sid:84338372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.250.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475271/; classtype:trojan-activity;sid:84338371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.186.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475270/; classtype:trojan-activity;sid:84338370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.120.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475269/; classtype:trojan-activity;sid:84338369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.79.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475267/; classtype:trojan-activity;sid:84338367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475268)"; flow:established,from_client; content:"GET"; http_method; content:"/j8gkimvkak.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475268/; classtype:trojan-activity;sid:84338368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475266/; classtype:trojan-activity;sid:84338366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.158.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475265/; classtype:trojan-activity;sid:84338365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.10.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475264/; classtype:trojan-activity;sid:84338364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.162.203.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475263/; classtype:trojan-activity;sid:84338363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475262)"; flow:established,from_client; content:"GET"; http_method; content:"/oyh1tx0gel.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475262/; classtype:trojan-activity;sid:84338362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.72.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475261/; classtype:trojan-activity;sid:84338361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.140.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475260/; classtype:trojan-activity;sid:84338360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475259/; classtype:trojan-activity;sid:84338359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.63.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475258/; classtype:trojan-activity;sid:84338358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.175.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475256/; classtype:trojan-activity;sid:84338356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.200.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475257/; classtype:trojan-activity;sid:84338357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.140.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475255/; classtype:trojan-activity;sid:84338355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475254)"; flow:established,from_client; content:"GET"; http_method; content:"/ip80m45as3.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475254/; classtype:trojan-activity;sid:84338354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.182.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475253/; classtype:trojan-activity;sid:84338353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.250.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475252/; classtype:trojan-activity;sid:84338352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.9.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475251/; classtype:trojan-activity;sid:84338351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.72.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475250/; classtype:trojan-activity;sid:84338350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.131.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475249/; classtype:trojan-activity;sid:84338349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.168.134.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475248/; classtype:trojan-activity;sid:84338348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475247)"; flow:established,from_client; content:"GET"; http_method; content:"/fs75v00tty.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475247/; classtype:trojan-activity;sid:84338347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.188.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475246/; classtype:trojan-activity;sid:84338346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.182.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475245/; classtype:trojan-activity;sid:84338345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475244)"; flow:established,from_client; content:"GET"; http_method; content:"/bejv86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475244/; classtype:trojan-activity;sid:84338344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.175.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475243/; classtype:trojan-activity;sid:84338343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.63.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475242/; classtype:trojan-activity;sid:84338342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475241)"; flow:established,from_client; content:"GET"; http_method; content:"/96aoq2px64.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475241/; classtype:trojan-activity;sid:84338341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.95.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475240/; classtype:trojan-activity;sid:84338340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.166.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475239/; classtype:trojan-activity;sid:84338339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.188.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475238/; classtype:trojan-activity;sid:84338338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475237)"; flow:established,from_client; content:"GET"; http_method; content:"/6dsvr0ostr.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475237/; classtype:trojan-activity;sid:84338337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.178.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475236/; classtype:trojan-activity;sid:84338336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.219.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475235/; classtype:trojan-activity;sid:84338335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.94.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475234/; classtype:trojan-activity;sid:84338334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.204.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475233/; classtype:trojan-activity;sid:84338333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475232)"; flow:established,from_client; content:"GET"; http_method; content:"/8hpy38hw30.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475232/; classtype:trojan-activity;sid:84338332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.62.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475231/; classtype:trojan-activity;sid:84338331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.178.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475230/; classtype:trojan-activity;sid:84338330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.203.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475229/; classtype:trojan-activity;sid:84338329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475228)"; flow:established,from_client; content:"GET"; http_method; content:"/gjog6vueqj.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475228/; classtype:trojan-activity;sid:84338328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.100.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475227/; classtype:trojan-activity;sid:84338327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.172.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475226/; classtype:trojan-activity;sid:84338326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.100.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475225/; classtype:trojan-activity;sid:84338325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.1.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475222/; classtype:trojan-activity;sid:84338322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.85.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475223/; classtype:trojan-activity;sid:84338323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.178.47.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475224/; classtype:trojan-activity;sid:84338324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.155.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475221/; classtype:trojan-activity;sid:84338321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475220/; classtype:trojan-activity;sid:84338320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.204.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475219/; classtype:trojan-activity;sid:84338319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475218/; classtype:trojan-activity;sid:84338318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.91.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475217/; classtype:trojan-activity;sid:84338317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.182.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475216/; classtype:trojan-activity;sid:84338316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.177.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475215/; classtype:trojan-activity;sid:84338315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475213)"; flow:established,from_client; content:"GET"; http_method; content:"/73f7gl5t7n.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475213/; classtype:trojan-activity;sid:84338313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.3.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475214/; classtype:trojan-activity;sid:84338314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.117.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475212/; classtype:trojan-activity;sid:84338312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.203.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475211/; classtype:trojan-activity;sid:84338311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.11.63.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475210/; classtype:trojan-activity;sid:84338310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.62.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475209/; classtype:trojan-activity;sid:84338309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475208)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475208/; classtype:trojan-activity;sid:84338308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.117.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475207/; classtype:trojan-activity;sid:84338307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475206)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475206/; classtype:trojan-activity;sid:84338306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.85.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475205/; classtype:trojan-activity;sid:84338305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475198)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475198/; classtype:trojan-activity;sid:84338298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475199)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475199/; classtype:trojan-activity;sid:84338299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475200)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475200/; classtype:trojan-activity;sid:84338300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475201)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475201/; classtype:trojan-activity;sid:84338301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475202)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475202/; classtype:trojan-activity;sid:84338302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475203)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475203/; classtype:trojan-activity;sid:84338303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475204)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475204/; classtype:trojan-activity;sid:84338304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475197)"; flow:established,from_client; content:"GET"; http_method; content:"/veox8gaw7y.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475197/; classtype:trojan-activity;sid:84338297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.47.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475195/; classtype:trojan-activity;sid:84338295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.1.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475196/; classtype:trojan-activity;sid:84338296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475194)"; flow:established,from_client; content:"GET"; http_method; content:"/0esievoqne.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475194/; classtype:trojan-activity;sid:84338294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.139.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475193/; classtype:trojan-activity;sid:84338293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475192)"; flow:established,from_client; content:"GET"; http_method; content:"/z778oxt7lr.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475192/; classtype:trojan-activity;sid:84338292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475189)"; flow:established,from_client; content:"GET"; http_method; content:"/41kucsa01b.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475189/; classtype:trojan-activity;sid:84338289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475190)"; flow:established,from_client; content:"GET"; http_method; content:"/jauyoqkev5.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475190/; classtype:trojan-activity;sid:84338290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475191)"; flow:established,from_client; content:"GET"; http_method; content:"/173wnp5j7o.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475191/; classtype:trojan-activity;sid:84338291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475188)"; flow:established,from_client; content:"GET"; http_method; content:"/2i16p1cxhe.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475188/; classtype:trojan-activity;sid:84338288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475181)"; flow:established,from_client; content:"GET"; http_method; content:"/3bzg0nbi0z.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475181/; classtype:trojan-activity;sid:84338281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475182)"; flow:established,from_client; content:"GET"; http_method; content:"/qg1ncw2kj9.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475182/; classtype:trojan-activity;sid:84338282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475183)"; flow:established,from_client; content:"GET"; http_method; content:"/e1wekwq8pw.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475183/; classtype:trojan-activity;sid:84338283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475184)"; flow:established,from_client; content:"GET"; http_method; content:"/kzg80pd12d.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475184/; classtype:trojan-activity;sid:84338284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475185)"; flow:established,from_client; content:"GET"; http_method; content:"/ezz9vd26i5.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475185/; classtype:trojan-activity;sid:84338285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475186)"; flow:established,from_client; content:"GET"; http_method; content:"/q6bqly0g8p.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475186/; classtype:trojan-activity;sid:84338286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475187)"; flow:established,from_client; content:"GET"; http_method; content:"/ocy59sa73f.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475187/; classtype:trojan-activity;sid:84338287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475179)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.238.116.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475179/; classtype:trojan-activity;sid:84338279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475180)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.238.116.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475180/; classtype:trojan-activity;sid:84338280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.155.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475177/; classtype:trojan-activity;sid:84338277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475178)"; flow:established,from_client; content:"GET"; http_method; content:"/z6c9668fqg.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475178/; classtype:trojan-activity;sid:84338278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.114.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475176/; classtype:trojan-activity;sid:84338276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.227.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475175/; classtype:trojan-activity;sid:84338275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475174/; classtype:trojan-activity;sid:84338274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.124.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475173/; classtype:trojan-activity;sid:84338273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.182.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475172/; classtype:trojan-activity;sid:84338272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475171/; classtype:trojan-activity;sid:84338271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.182.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475170/; classtype:trojan-activity;sid:84338270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475169/; classtype:trojan-activity;sid:84338269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475168)"; flow:established,from_client; content:"GET"; http_method; content:"/900wkbdy13.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475168/; classtype:trojan-activity;sid:84338268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.182.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475167/; classtype:trojan-activity;sid:84338267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.191.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475166/; classtype:trojan-activity;sid:84338266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.227.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475165/; classtype:trojan-activity;sid:84338265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.186.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475164/; classtype:trojan-activity;sid:84338264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.114.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475163/; classtype:trojan-activity;sid:84338263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.155.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475162/; classtype:trojan-activity;sid:84338262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475161)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/federalarm6agent"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475161/; classtype:trojan-activity;sid:84338261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475151)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/federali486agent"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475151/; classtype:trojan-activity;sid:84338251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475152)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/federalmpslagent"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475152/; classtype:trojan-activity;sid:84338252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475153)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/federalarmagent"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475153/; classtype:trojan-activity;sid:84338253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475154)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/federalarcagent"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475154/; classtype:trojan-activity;sid:84338254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475155)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/federalarm7agent"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475155/; classtype:trojan-activity;sid:84338255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475156)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/federalm68kagent"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475156/; classtype:trojan-activity;sid:84338256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475157)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/federalmipsagent"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475157/; classtype:trojan-activity;sid:84338257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475158)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/federalx86agent"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475158/; classtype:trojan-activity;sid:84338258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475159)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/federali686agent"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475159/; classtype:trojan-activity;sid:84338259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475160)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/federalsh4agent"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475160/; classtype:trojan-activity;sid:84338260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475150)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/federalppcagent"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475150/; classtype:trojan-activity;sid:84338250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475149)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/federalarm5agent"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475149/; classtype:trojan-activity;sid:84338249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.95.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475148/; classtype:trojan-activity;sid:84338248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.88.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475147/; classtype:trojan-activity;sid:84338247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475146)"; flow:established,from_client; content:"GET"; http_method; content:"/2dsbn2hrso.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475146/; classtype:trojan-activity;sid:84338246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.46.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475145/; classtype:trojan-activity;sid:84338245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475144)"; flow:established,from_client; content:"GET"; http_method; content:"/qer5o3mheu.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475144/; classtype:trojan-activity;sid:84338244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.54.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475143/; classtype:trojan-activity;sid:84338243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475142)"; flow:established,from_client; content:"GET"; http_method; content:"/pejcwccx2s.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475142/; classtype:trojan-activity;sid:84338242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.95.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475141/; classtype:trojan-activity;sid:84338241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.148.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475140/; classtype:trojan-activity;sid:84338240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.102.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475139/; classtype:trojan-activity;sid:84338239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.88.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475138/; classtype:trojan-activity;sid:84338238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.163.198.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475137/; classtype:trojan-activity;sid:84338237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475136)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.fesuy.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475136/; classtype:trojan-activity;sid:84338236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.186.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475135/; classtype:trojan-activity;sid:84338235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.200.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475134/; classtype:trojan-activity;sid:84338234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475133)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/rsc/uhg.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"23.95.235.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475133/; classtype:trojan-activity;sid:84338233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475130)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kscc/scc/everynicepersonwalkingentireplacesgoodformegreat.hta"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"104.168.7.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475130/; classtype:trojan-activity;sid:84338230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475131)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/nso/wecreatebestthingsentirelifeforgivenyou.hta"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"107.174.231.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475131/; classtype:trojan-activity;sid:84338231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475132)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/fmco/mco/mgoodnicepersonneedyourverywell.hta"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"172.245.123.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475132/; classtype:trojan-activity;sid:84338232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475129)"; flow:established,from_client; content:"GET"; http_method; content:"/688/wegrst/pleasemakebestthingsentiretimetogivebestof.hta"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"104.168.7.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475129/; classtype:trojan-activity;sid:84338229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475128)"; flow:established,from_client; content:"GET"; http_method; content:"/6ypcl27iac.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475128/; classtype:trojan-activity;sid:84338228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.89.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475127/; classtype:trojan-activity;sid:84338227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.148.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475126/; classtype:trojan-activity;sid:84338226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.155.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475125/; classtype:trojan-activity;sid:84338225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.163.198.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475124/; classtype:trojan-activity;sid:84338224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.179.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475123/; classtype:trojan-activity;sid:84338223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.147.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475122/; classtype:trojan-activity;sid:84338222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475121/; classtype:trojan-activity;sid:84338221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475120)"; flow:established,from_client; content:"GET"; http_method; content:"/nd5jhailje.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475120/; classtype:trojan-activity;sid:84338220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.15.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475119/; classtype:trojan-activity;sid:84338219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.164.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475117/; classtype:trojan-activity;sid:84338217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.68.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475118/; classtype:trojan-activity;sid:84338218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.200.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475116/; classtype:trojan-activity;sid:84338216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.242.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475115/; classtype:trojan-activity;sid:84338215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.122.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475114/; classtype:trojan-activity;sid:84338214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475113)"; flow:established,from_client; content:"GET"; http_method; content:"/kxu9vzk98j.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475113/; classtype:trojan-activity;sid:84338213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.68.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475112/; classtype:trojan-activity;sid:84338212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.3.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475111/; classtype:trojan-activity;sid:84338211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.54.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475110/; classtype:trojan-activity;sid:84338210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.164.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475109/; classtype:trojan-activity;sid:84338209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.241.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475108/; classtype:trojan-activity;sid:84338208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.88.243.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475107/; classtype:trojan-activity;sid:84338207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475106)"; flow:established,from_client; content:"GET"; http_method; content:"/rw3b37kd61.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475106/; classtype:trojan-activity;sid:84338206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475105)"; flow:established,from_client; content:"GET"; http_method; content:"/530699.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"paste.myconan.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475105/; classtype:trojan-activity;sid:84338205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.138.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475104/; classtype:trojan-activity;sid:84338204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.122.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475103/; classtype:trojan-activity;sid:84338203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.80.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475102/; classtype:trojan-activity;sid:84338202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.189.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475101/; classtype:trojan-activity;sid:84338201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475100)"; flow:established,from_client; content:"GET"; http_method; content:"/z5jdmpfrhu.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475100/; classtype:trojan-activity;sid:84338200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.242.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475099/; classtype:trojan-activity;sid:84338199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.138.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475098/; classtype:trojan-activity;sid:84338198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475097)"; flow:established,from_client; content:"GET"; http_method; content:"/deripascod/coderoom/refs/heads/main/noypjksdaw.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475097/; classtype:trojan-activity;sid:84338197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475096)"; flow:established,from_client; content:"GET"; http_method; content:"/deripascod/coderoom/raw/refs/heads/main/noypjksdaw.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475096/; classtype:trojan-activity;sid:84338196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475095)"; flow:established,from_client; content:"GET"; http_method; content:"/deripascod/coderoom/raw/refs/heads/main/service.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475095/; classtype:trojan-activity;sid:84338195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475093)"; flow:established,from_client; content:"GET"; http_method; content:"/spim"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.90.153.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475093/; classtype:trojan-activity;sid:84338193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475094)"; flow:established,from_client; content:"GET"; http_method; content:"/l7vmra"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.90.153.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475094/; classtype:trojan-activity;sid:84338194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.131.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475092/; classtype:trojan-activity;sid:84338192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.78.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475091/; classtype:trojan-activity;sid:84338191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475090)"; flow:established,from_client; content:"GET"; http_method; content:"/xsm044r82w.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475090/; classtype:trojan-activity;sid:84338190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.115.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475089/; classtype:trojan-activity;sid:84338189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.152.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475088/; classtype:trojan-activity;sid:84338188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.29.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475087/; classtype:trojan-activity;sid:84338187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475086)"; flow:established,from_client; content:"GET"; http_method; content:"/8ajod4x5uz.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475086/; classtype:trojan-activity;sid:84338186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.89.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475085/; classtype:trojan-activity;sid:84338185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.54.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475084/; classtype:trojan-activity;sid:84338184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.23.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475083/; classtype:trojan-activity;sid:84338183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.253.142.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475079/; classtype:trojan-activity;sid:84338179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.180.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475080/; classtype:trojan-activity;sid:84338180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.93.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475081/; classtype:trojan-activity;sid:84338181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.176.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475082/; classtype:trojan-activity;sid:84338182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475077/; classtype:trojan-activity;sid:84338177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.41.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475078/; classtype:trojan-activity;sid:84338178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.87.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475076/; classtype:trojan-activity;sid:84338176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.244.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475075/; classtype:trojan-activity;sid:84338175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475074)"; flow:established,from_client; content:"GET"; http_method; content:"/kw8lpdq4bh.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475074/; classtype:trojan-activity;sid:84338174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.5.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475073/; classtype:trojan-activity;sid:84338173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.211.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475072/; classtype:trojan-activity;sid:84338172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.166.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475071/; classtype:trojan-activity;sid:84338171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.137.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475070/; classtype:trojan-activity;sid:84338170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.50.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475069/; classtype:trojan-activity;sid:84338169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.173.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475068/; classtype:trojan-activity;sid:84338168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475067)"; flow:established,from_client; content:"GET"; http_method; content:"/5xrw5f1g9a.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475067/; classtype:trojan-activity;sid:84338167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.244.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475066/; classtype:trojan-activity;sid:84338166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.211.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475065/; classtype:trojan-activity;sid:84338165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.137.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475064/; classtype:trojan-activity;sid:84338164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.55.179.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475063/; classtype:trojan-activity;sid:84338163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475060/; classtype:trojan-activity;sid:84338160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475061/; classtype:trojan-activity;sid:84338161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.142.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475062/; classtype:trojan-activity;sid:84338162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.3.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475059/; classtype:trojan-activity;sid:84338159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.114.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475058/; classtype:trojan-activity;sid:84338158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475057)"; flow:established,from_client; content:"GET"; http_method; content:"/b24u2po7pr.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475057/; classtype:trojan-activity;sid:84338157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.170.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475056/; classtype:trojan-activity;sid:84338156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475055/; classtype:trojan-activity;sid:84338155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.55.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475054/; classtype:trojan-activity;sid:84338154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475053)"; flow:established,from_client; content:"GET"; http_method; content:"/itr7rg3n36.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475053/; classtype:trojan-activity;sid:84338153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.55.179.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475052/; classtype:trojan-activity;sid:84338152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.38.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475051/; classtype:trojan-activity;sid:84338151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475049)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qn-vspmwtzzds5rb24poenikiyvhdyjx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475049/; classtype:trojan-activity;sid:84338149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475050)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=16snv_95w0ne4lrqifbdrshujp1xqvvyr"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475050/; classtype:trojan-activity;sid:84338150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.73.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475048/; classtype:trojan-activity;sid:84338148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.100.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475047/; classtype:trojan-activity;sid:84338147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475046)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/cvo/mybestgirlfriendwalkingaroundtheworld.hta"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"192.227.228.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475046/; classtype:trojan-activity;sid:84338146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475045)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/nso/wekissingbestgirleveryseenwithmygirl.hta"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"198.12.89.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475045/; classtype:trojan-activity;sid:84338145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.189.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475044/; classtype:trojan-activity;sid:84338144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.4.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475043/; classtype:trojan-activity;sid:84338143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.55.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475042/; classtype:trojan-activity;sid:84338142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475041)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/umo/seethenewgenerationnextgoodforbest.gif"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"172.245.191.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475041/; classtype:trojan-activity;sid:84338141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475040)"; flow:established,from_client; content:"GET"; http_method; content:"/ku8402e9bp.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475040/; classtype:trojan-activity;sid:84338140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.186.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475039/; classtype:trojan-activity;sid:84338139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475038)"; flow:established,from_client; content:"GET"; http_method; content:"/560/vcc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.95.235.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475038/; classtype:trojan-activity;sid:84338138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.240.38.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475037/; classtype:trojan-activity;sid:84338137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.173.88.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475036/; classtype:trojan-activity;sid:84338136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.186.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475035/; classtype:trojan-activity;sid:84338135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.183.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475034/; classtype:trojan-activity;sid:84338134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475033)"; flow:established,from_client; content:"GET"; http_method; content:"/profilelayout"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"webmail.denver-computer.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475033/; classtype:trojan-activity;sid:84338133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.189.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475032/; classtype:trojan-activity;sid:84338132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475031)"; flow:established,from_client; content:"GET"; http_method; content:"/cakyqw3qbd.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475031/; classtype:trojan-activity;sid:84338131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.100.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475030/; classtype:trojan-activity;sid:84338130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475029/; classtype:trojan-activity;sid:84338129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.73.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475028/; classtype:trojan-activity;sid:84338128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.69.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475027/; classtype:trojan-activity;sid:84338127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.4.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475026/; classtype:trojan-activity;sid:84338126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475025/; classtype:trojan-activity;sid:84338125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.73.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475024/; classtype:trojan-activity;sid:84338124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475011)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/dpccdbec.dat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475011/; classtype:trojan-activity;sid:84338111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475012)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/bjmrkccqzew.mp4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475012/; classtype:trojan-activity;sid:84338112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475013)"; flow:established,from_client; content:"GET"; http_method; content:"/nby/ibukcpzsykklyaxh57.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475013/; classtype:trojan-activity;sid:84338113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475014)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/nmtwfargjh.mp4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475014/; classtype:trojan-activity;sid:84338114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475015)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/screenshot.jpeg"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475015/; classtype:trojan-activity;sid:84338115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475016)"; flow:established,from_client; content:"GET"; http_method; content:"/nby/tdudwgsn.pdf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475016/; classtype:trojan-activity;sid:84338116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475017)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/nvntvitn.vdf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475017/; classtype:trojan-activity;sid:84338117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475018)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/hqdnydngrg.wav"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475018/; classtype:trojan-activity;sid:84338118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475019)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/nakuzcboqi.wav"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475019/; classtype:trojan-activity;sid:84338119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475020)"; flow:established,from_client; content:"GET"; http_method; content:"/nby/wtkyklf.wav"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475020/; classtype:trojan-activity;sid:84338120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.80.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475021/; classtype:trojan-activity;sid:84338121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475022)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/jptev.wav"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475022/; classtype:trojan-activity;sid:84338122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475023)"; flow:established,from_client; content:"GET"; http_method; content:"/nby/dsrwi.wav"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475023/; classtype:trojan-activity;sid:84338123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474993)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/ycrxjawujg.dat"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474993/; classtype:trojan-activity;sid:84338093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474994)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/qghdfkpne.wav"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474994/; classtype:trojan-activity;sid:84338094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474995)"; flow:established,from_client; content:"GET"; http_method; content:"/nby/tscgom.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474995/; classtype:trojan-activity;sid:84338095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474996)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/amdcwyams.mp3"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474996/; classtype:trojan-activity;sid:84338096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474997)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/pbpcqpu.mp3"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474997/; classtype:trojan-activity;sid:84338097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474998)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/zdvjvkrwvxk.mp4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474998/; classtype:trojan-activity;sid:84338098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474999)"; flow:established,from_client; content:"GET"; http_method; content:"/nby/ojwbpg.vdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474999/; classtype:trojan-activity;sid:84338099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475000)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/ijzdizosk.pdf"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475000/; classtype:trojan-activity;sid:84338100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475001)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/mrlol.wav"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475001/; classtype:trojan-activity;sid:84338101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475002)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/smfecjwklti.wav"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475002/; classtype:trojan-activity;sid:84338102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475003)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/vfzvrek.dat"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475003/; classtype:trojan-activity;sid:84338103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475004)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/ujerkgdnzys.mp3"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475004/; classtype:trojan-activity;sid:84338104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475005)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/xzrblvcaokm.dat"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475005/; classtype:trojan-activity;sid:84338105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475006)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/hjymj.dat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475006/; classtype:trojan-activity;sid:84338106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475007)"; flow:established,from_client; content:"GET"; http_method; content:"/nby/mqwjrwylhju.mp3"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475007/; classtype:trojan-activity;sid:84338107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475008)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/yqdbkp.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475008/; classtype:trojan-activity;sid:84338108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475009)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/doqfp.pdf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475009/; classtype:trojan-activity;sid:84338109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475010)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/kqgik.dat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3475010/; classtype:trojan-activity;sid:84338110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474971)"; flow:established,from_client; content:"GET"; http_method; content:"/nby/gjyuu.pdf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474971/; classtype:trojan-activity;sid:84338071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474972)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/stgeglynrvt.wav"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474972/; classtype:trojan-activity;sid:84338072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.88.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474973/; classtype:trojan-activity;sid:84338073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474974)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/edwkz.mp3"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474974/; classtype:trojan-activity;sid:84338074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474975)"; flow:established,from_client; content:"GET"; http_method; content:"/nby/yddsfeutirlfo26.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474975/; classtype:trojan-activity;sid:84338075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474976)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/gnwfdup.vdf"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474976/; classtype:trojan-activity;sid:84338076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474977)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/wujgrhloh.wav"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474977/; classtype:trojan-activity;sid:84338077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474978)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/mqdmgqxbknv.vdf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474978/; classtype:trojan-activity;sid:84338078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474979)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/qadmv.mp4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474979/; classtype:trojan-activity;sid:84338079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474980)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/htwntbeh.wav"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474980/; classtype:trojan-activity;sid:84338080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474981)"; flow:established,from_client; content:"GET"; http_method; content:"/nby/otoeaxubk155.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474981/; classtype:trojan-activity;sid:84338081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474982)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/lguqrnp.dat"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474982/; classtype:trojan-activity;sid:84338082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474983)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/kuuhx.vdf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474983/; classtype:trojan-activity;sid:84338083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474984)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/krtigjvrj.mp3"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474984/; classtype:trojan-activity;sid:84338084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474985)"; flow:established,from_client; content:"GET"; http_method; content:"/nby/gbisgww.pdf"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474985/; classtype:trojan-activity;sid:84338085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474986)"; flow:established,from_client; content:"GET"; http_method; content:"/nby/gbdjwqxdouusrlkvcldw24.bin"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474986/; classtype:trojan-activity;sid:84338086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474987)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/wcipwp.wav"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474987/; classtype:trojan-activity;sid:84338087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474988)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/gmzigncddx.wav"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474988/; classtype:trojan-activity;sid:84338088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474989)"; flow:established,from_client; content:"GET"; http_method; content:"/nby/jzuiqdzjryn.mp3"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474989/; classtype:trojan-activity;sid:84338089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474990)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/yowra.pdf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474990/; classtype:trojan-activity;sid:84338090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474991)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/ucauwnlzbn.mp3"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474991/; classtype:trojan-activity;sid:84338091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474992)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/yefxawddrt.dat"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474992/; classtype:trojan-activity;sid:84338092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474970)"; flow:established,from_client; content:"GET"; http_method; content:"/cir/xavvmge.dat"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474970/; classtype:trojan-activity;sid:84338070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474969)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/wjqixsbs.vdf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474969/; classtype:trojan-activity;sid:84338069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474966)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/cearmxuvtl.mp4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474966/; classtype:trojan-activity;sid:84338066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474967)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/kxruyuecd.dat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474967/; classtype:trojan-activity;sid:84338067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474968)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/yqhuoutywpq.pdf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474968/; classtype:trojan-activity;sid:84338068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474965)"; flow:established,from_client; content:"GET"; http_method; content:"/eai4zcjndl.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474965/; classtype:trojan-activity;sid:84338065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474962)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/fireballs.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474962/; classtype:trojan-activity;sid:84338062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474963)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/brain.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474963/; classtype:trojan-activity;sid:84338063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474964)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/kent.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474964/; classtype:trojan-activity;sid:84338064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474959)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/kent.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474959/; classtype:trojan-activity;sid:84338059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474960)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/cozyrem.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474960/; classtype:trojan-activity;sid:84338060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474961)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/brain.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474961/; classtype:trojan-activity;sid:84338061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474956)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/believe.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474956/; classtype:trojan-activity;sid:84338056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474957)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/obfuscated.rar"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474957/; classtype:trojan-activity;sid:84338057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474958)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/converter.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474958/; classtype:trojan-activity;sid:84338058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474955)"; flow:established,from_client; content:"GET"; http_method; content:"/orsjkdueju156.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"24.199.102.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474955/; classtype:trojan-activity;sid:84338055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474954)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/muk.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474954/; classtype:trojan-activity;sid:84338054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474951)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/eng.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474951/; classtype:trojan-activity;sid:84338051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474952)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/mkboy.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474952/; classtype:trojan-activity;sid:84338052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474953)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/muk.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474953/; classtype:trojan-activity;sid:84338053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474950)"; flow:established,from_client; content:"GET"; http_method; content:"/rowgesvkv189.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"204.10.160.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474950/; classtype:trojan-activity;sid:84338050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474949)"; flow:established,from_client; content:"GET"; http_method; content:"/ihiqit236.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.92.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474949/; classtype:trojan-activity;sid:84338049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474948)"; flow:established,from_client; content:"GET"; http_method; content:"/vvqcwoh210.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.92.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474948/; classtype:trojan-activity;sid:84338048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.166.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474947/; classtype:trojan-activity;sid:84338047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.25.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474946/; classtype:trojan-activity;sid:84338046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.92.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474945/; classtype:trojan-activity;sid:84338045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.140.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474944/; classtype:trojan-activity;sid:84338044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.255.15.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474943/; classtype:trojan-activity;sid:84338043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.124.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474942/; classtype:trojan-activity;sid:84338042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474941)"; flow:established,from_client; content:"GET"; http_method; content:"/8zxwhzn2em.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474941/; classtype:trojan-activity;sid:84338041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.174.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474940/; classtype:trojan-activity;sid:84338040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.69.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474939/; classtype:trojan-activity;sid:84338039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.153.213.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474938/; classtype:trojan-activity;sid:84338038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.9.46.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474937/; classtype:trojan-activity;sid:84338037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.210.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474936/; classtype:trojan-activity;sid:84338036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.66.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474935/; classtype:trojan-activity;sid:84338035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.70.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474934/; classtype:trojan-activity;sid:84338034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474933)"; flow:established,from_client; content:"GET"; http_method; content:"/g6i3e35mx3.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474933/; classtype:trojan-activity;sid:84338033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.92.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474932/; classtype:trojan-activity;sid:84338032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.124.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474931/; classtype:trojan-activity;sid:84338031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.240.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474930/; classtype:trojan-activity;sid:84338030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.135.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474929/; classtype:trojan-activity;sid:84338029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.1.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474928/; classtype:trojan-activity;sid:84338028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.140.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474927/; classtype:trojan-activity;sid:84338027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.46.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474924/; classtype:trojan-activity;sid:84338024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474925)"; flow:established,from_client; content:"GET"; http_method; content:"/yiy7fvlob5.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474925/; classtype:trojan-activity;sid:84338025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.73.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474926/; classtype:trojan-activity;sid:84338026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.28.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474923/; classtype:trojan-activity;sid:84338023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474915)"; flow:established,from_client; content:"GET"; http_method; content:"/evan-theo/ninjagram-download/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474915/; classtype:trojan-activity;sid:84338015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474916)"; flow:established,from_client; content:"GET"; http_method; content:"/afonsosousait/freeroam/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474916/; classtype:trojan-activity;sid:84338016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474917)"; flow:established,from_client; content:"GET"; http_method; content:"/subir-090/m0dmenu-gta5-free/releases/download/v2.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474917/; classtype:trojan-activity;sid:84338017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474918)"; flow:established,from_client; content:"GET"; http_method; content:"/trigonevo/m0dmenu-gta5-free/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474918/; classtype:trojan-activity;sid:84338018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474919)"; flow:established,from_client; content:"GET"; http_method; content:"/sporty18000/mobiledit-forensic-express-pro-free/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474919/; classtype:trojan-activity;sid:84338019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474920)"; flow:established,from_client; content:"GET"; http_method; content:"/luckee8898/tenorshare-reiboot-pro-download/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474920/; classtype:trojan-activity;sid:84338020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474921)"; flow:established,from_client; content:"GET"; http_method; content:"/y9087/deep-live-cam-by-fx/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474921/; classtype:trojan-activity;sid:84338021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474922)"; flow:established,from_client; content:"GET"; http_method; content:"/rn098/figma-free-crack/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474922/; classtype:trojan-activity;sid:84338022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.213.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474914/; classtype:trojan-activity;sid:84338014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.70.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474913/; classtype:trojan-activity;sid:84338013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.175.181.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474912/; classtype:trojan-activity;sid:84338012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.140.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474911/; classtype:trojan-activity;sid:84338011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474910)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.240.197.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474910/; classtype:trojan-activity;sid:84338010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474909)"; flow:established,from_client; content:"GET"; http_method; content:"/o2qxrj96kd.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474909/; classtype:trojan-activity;sid:84338009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.87.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474907/; classtype:trojan-activity;sid:84338007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.234.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474908/; classtype:trojan-activity;sid:84338008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474904)"; flow:established,from_client; content:"GET"; http_method; content:"/owvoez7ek2.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474904/; classtype:trojan-activity;sid:84338004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.1.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474905/; classtype:trojan-activity;sid:84338005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.175.181.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474906/; classtype:trojan-activity;sid:84338006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.61.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474903/; classtype:trojan-activity;sid:84338003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474902)"; flow:established,from_client; content:"GET"; http_method; content:"/z354v1b309.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474902/; classtype:trojan-activity;sid:84338002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.132.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474901/; classtype:trojan-activity;sid:84338001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.85.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474900/; classtype:trojan-activity;sid:84338000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.61.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474899/; classtype:trojan-activity;sid:84337999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.173.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474898/; classtype:trojan-activity;sid:84337998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474897)"; flow:established,from_client; content:"GET"; http_method; content:"/jwmeg2m5oz.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474897/; classtype:trojan-activity;sid:84337997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474896)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"def.ball-strike-up.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474896/; classtype:trojan-activity;sid:84337996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474895)"; flow:established,from_client; content:"GET"; http_method; content:"/f38186770bffa4a12a7170942b9c0d71ac736142924da24a.xlt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"ne1.discoverconicalcrouton.shop"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474895/; classtype:trojan-activity;sid:84337995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474894)"; flow:established,from_client; content:"GET"; http_method; content:"/braydon37/m0dmenu-gta5-free/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474894/; classtype:trojan-activity;sid:84337994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.191.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474892/; classtype:trojan-activity;sid:84337992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474893)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"jsfiles-bqq.pages.dev"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474893/; classtype:trojan-activity;sid:84337993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474891/; classtype:trojan-activity;sid:84337991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474890/; classtype:trojan-activity;sid:84337990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.100.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474888/; classtype:trojan-activity;sid:84337988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474889)"; flow:established,from_client; content:"GET"; http_method; content:"/cekoost7an.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474889/; classtype:trojan-activity;sid:84337989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.193.59.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474887/; classtype:trojan-activity;sid:84337987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.252.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474886/; classtype:trojan-activity;sid:84337986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474885)"; flow:established,from_client; content:"GET"; http_method; content:"/q4yltbtqn0.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474885/; classtype:trojan-activity;sid:84337985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474884/; classtype:trojan-activity;sid:84337984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.191.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474883/; classtype:trojan-activity;sid:84337983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.151.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474882/; classtype:trojan-activity;sid:84337982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474881/; classtype:trojan-activity;sid:84337981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.100.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474880/; classtype:trojan-activity;sid:84337980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474879)"; flow:established,from_client; content:"GET"; http_method; content:"/5jhkatrgfi.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474879/; classtype:trojan-activity;sid:84337979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.125.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474878/; classtype:trojan-activity;sid:84337978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.193.59.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474877/; classtype:trojan-activity;sid:84337977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474876)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.tefee.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474876/; classtype:trojan-activity;sid:84337976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.252.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474874/; classtype:trojan-activity;sid:84337974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474875)"; flow:established,from_client; content:"GET"; http_method; content:"/download/7c74f1976d8f3415/"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"upload.nolog.cz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474875/; classtype:trojan-activity;sid:84337975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474873/; classtype:trojan-activity;sid:84337973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474872)"; flow:established,from_client; content:"GET"; http_method; content:"/0ulx419dwb.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474872/; classtype:trojan-activity;sid:84337972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.26.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474871/; classtype:trojan-activity;sid:84337971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.7.215"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474870/; classtype:trojan-activity;sid:84337970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474869/; classtype:trojan-activity;sid:84337969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.49.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474868/; classtype:trojan-activity;sid:84337968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.102.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474867/; classtype:trojan-activity;sid:84337967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.215.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474866/; classtype:trojan-activity;sid:84337966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474865)"; flow:established,from_client; content:"GET"; http_method; content:"/wu4jzzzgu0.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474865/; classtype:trojan-activity;sid:84337965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.26.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474864/; classtype:trojan-activity;sid:84337964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.125.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474858/; classtype:trojan-activity;sid:84337958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474859)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/armv7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474859/; classtype:trojan-activity;sid:84337959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474860)"; flow:established,from_client; content:"GET"; http_method; content:"/ee/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474860/; classtype:trojan-activity;sid:84337960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474861)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/mips64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474861/; classtype:trojan-activity;sid:84337961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474862)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474862/; classtype:trojan-activity;sid:84337962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474863)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/armv4eb"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474863/; classtype:trojan-activity;sid:84337963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474833)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474833/; classtype:trojan-activity;sid:84337933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474834)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474834/; classtype:trojan-activity;sid:84337934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474835)"; flow:established,from_client; content:"GET"; http_method; content:"/n"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474835/; classtype:trojan-activity;sid:84337935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474836)"; flow:established,from_client; content:"GET"; http_method; content:"/e"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474836/; classtype:trojan-activity;sid:84337936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474837)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474837/; classtype:trojan-activity;sid:84337937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474838)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/powerpc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474838/; classtype:trojan-activity;sid:84337938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474839)"; flow:established,from_client; content:"GET"; http_method; content:"/v"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474839/; classtype:trojan-activity;sid:84337939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474840)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/sparc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474840/; classtype:trojan-activity;sid:84337940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474841)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/i686"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474841/; classtype:trojan-activity;sid:84337941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474842)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/i686"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474842/; classtype:trojan-activity;sid:84337942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474843)"; flow:established,from_client; content:"GET"; http_method; content:"/ee/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474843/; classtype:trojan-activity;sid:84337943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474844)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/mips64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474844/; classtype:trojan-activity;sid:84337944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474845)"; flow:established,from_client; content:"GET"; http_method; content:"/ee/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474845/; classtype:trojan-activity;sid:84337945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474846)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/riscv32"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474846/; classtype:trojan-activity;sid:84337946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474847)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474847/; classtype:trojan-activity;sid:84337947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474848)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474848/; classtype:trojan-activity;sid:84337948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474849)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474849/; classtype:trojan-activity;sid:84337949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474850)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474850/; classtype:trojan-activity;sid:84337950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474851)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/arc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474851/; classtype:trojan-activity;sid:84337951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474852)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/mipsel64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474852/; classtype:trojan-activity;sid:84337952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474853)"; flow:established,from_client; content:"GET"; http_method; content:"/ee/armv4eb"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474853/; classtype:trojan-activity;sid:84337953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474854)"; flow:established,from_client; content:"GET"; http_method; content:"/s"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474854/; classtype:trojan-activity;sid:84337954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474855)"; flow:established,from_client; content:"GET"; http_method; content:"/k"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474855/; classtype:trojan-activity;sid:84337955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474856)"; flow:established,from_client; content:"GET"; http_method; content:"/ee/armv7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474856/; classtype:trojan-activity;sid:84337956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474857)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474857/; classtype:trojan-activity;sid:84337957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474832)"; flow:established,from_client; content:"GET"; http_method; content:"/u"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474832/; classtype:trojan-activity;sid:84337932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.62.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474831/; classtype:trojan-activity;sid:84337931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.136.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474830/; classtype:trojan-activity;sid:84337930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.123.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474829/; classtype:trojan-activity;sid:84337929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.123.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474828/; classtype:trojan-activity;sid:84337928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474827)"; flow:established,from_client; content:"GET"; http_method; content:"/9txz8ihsx6.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474827/; classtype:trojan-activity;sid:84337927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474825)"; flow:established,from_client; content:"GET"; http_method; content:"/jameseeeeeeeeeee/carbon-executor/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474825/; classtype:trojan-activity;sid:84337925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474826)"; flow:established,from_client; content:"GET"; http_method; content:"/ayamato0/arceus-executor/releases/download/v2.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474826/; classtype:trojan-activity;sid:84337926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474821)"; flow:established,from_client; content:"GET"; http_method; content:"/willsmithyt/murder-mystery-2-autowin-educational-automation-for-roblox/releases/download/v1.0/release.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474821/; classtype:trojan-activity;sid:84337921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474822)"; flow:established,from_client; content:"GET"; http_method; content:"/phucthieul/gta-5-mod-menu-2025/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474822/; classtype:trojan-activity;sid:84337922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474823)"; flow:established,from_client; content:"GET"; http_method; content:"/ffffffwasredsfsdfse/arceus-executor/releases/download/v2.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474823/; classtype:trojan-activity;sid:84337923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474824)"; flow:established,from_client; content:"GET"; http_method; content:"/rock-op123/athena-executor/releases/download/v2.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474824/; classtype:trojan-activity;sid:84337924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474801)"; flow:established,from_client; content:"GET"; http_method; content:"/muterfree/nexus-roblox/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474801/; classtype:trojan-activity;sid:84337901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474802)"; flow:established,from_client; content:"GET"; http_method; content:"/rafy35198/jjsploit/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474802/; classtype:trojan-activity;sid:84337902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474803)"; flow:established,from_client; content:"GET"; http_method; content:"/micheldouglas/roexec-executor/releases/download/v2.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474803/; classtype:trojan-activity;sid:84337903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474804)"; flow:established,from_client; content:"GET"; http_method; content:"/reachhtyiu/zorara-executor/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474804/; classtype:trojan-activity;sid:84337904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474805)"; flow:established,from_client; content:"GET"; http_method; content:"/okallo123/roblox-faxi-macro/releases/download/v2.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474805/; classtype:trojan-activity;sid:84337905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474806)"; flow:established,from_client; content:"GET"; http_method; content:"/tintermet/argon-executor-25/releases/download/v2.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474806/; classtype:trojan-activity;sid:84337906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474807)"; flow:established,from_client; content:"GET"; http_method; content:"/iancutkd/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474807/; classtype:trojan-activity;sid:84337907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474808)"; flow:established,from_client; content:"GET"; http_method; content:"/giiyu12/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474808/; classtype:trojan-activity;sid:84337908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474809)"; flow:established,from_client; content:"GET"; http_method; content:"/meshmod/roblox-celery/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474809/; classtype:trojan-activity;sid:84337909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474810)"; flow:established,from_client; content:"GET"; http_method; content:"/batman00md/roblox-fisch-script/releases/download/v2.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474810/; classtype:trojan-activity;sid:84337910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474811)"; flow:established,from_client; content:"GET"; http_method; content:"/oradule/carbon-executor/releases/download/v2.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474811/; classtype:trojan-activity;sid:84337911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474812)"; flow:established,from_client; content:"GET"; http_method; content:"/jslegido/cryptic-executor/releases/download/v2.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474812/; classtype:trojan-activity;sid:84337912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474813)"; flow:established,from_client; content:"GET"; http_method; content:"/lawrencesanity1108/gta-5-mod-menu-2024/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474813/; classtype:trojan-activity;sid:84337913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474814)"; flow:established,from_client; content:"GET"; http_method; content:"/booster78945/m0dmenu-gta5-free/releases/download/v2.0/release_x64.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474814/; classtype:trojan-activity;sid:84337914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474815)"; flow:established,from_client; content:"GET"; http_method; content:"/qsoow/seliware-executor/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474815/; classtype:trojan-activity;sid:84337915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474816)"; flow:established,from_client; content:"GET"; http_method; content:"/rodako/infinite-yield-admin-tool-for-roblox-educational-purposes/releases/download/v1.0/software.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474816/; classtype:trojan-activity;sid:84337916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474817)"; flow:established,from_client; content:"GET"; http_method; content:"/agr1us/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474817/; classtype:trojan-activity;sid:84337917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474818)"; flow:established,from_client; content:"GET"; http_method; content:"/r2spamonyoutube/fivem-onx-handling-editor/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474818/; classtype:trojan-activity;sid:84337918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474819)"; flow:established,from_client; content:"GET"; http_method; content:"/kaykycampos/gta-benchmark/releases/download/v2.0/release_x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474819/; classtype:trojan-activity;sid:84337919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474820)"; flow:established,from_client; content:"GET"; http_method; content:"/iampoo31331/hydrogen-executor/releases/download/v2.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474820/; classtype:trojan-activity;sid:84337920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.250.6.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474800/; classtype:trojan-activity;sid:84337900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.250.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474799/; classtype:trojan-activity;sid:84337899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474798)"; flow:established,from_client; content:"GET"; http_method; content:"/iferd34ann.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474798/; classtype:trojan-activity;sid:84337898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.136.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474797/; classtype:trojan-activity;sid:84337897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.226.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474796/; classtype:trojan-activity;sid:84337896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.234.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474795/; classtype:trojan-activity;sid:84337895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.233.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474794/; classtype:trojan-activity;sid:84337894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474791/; classtype:trojan-activity;sid:84337891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474792/; classtype:trojan-activity;sid:84337892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.97.92.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474793/; classtype:trojan-activity;sid:84337893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.214.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474790/; classtype:trojan-activity;sid:84337890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.154.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474786/; classtype:trojan-activity;sid:84337886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474787/; classtype:trojan-activity;sid:84337887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.110.1.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474788/; classtype:trojan-activity;sid:84337888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"206.0.183.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474789/; classtype:trojan-activity;sid:84337889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.78.1.158"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474785/; classtype:trojan-activity;sid:84337885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.73.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474784/; classtype:trojan-activity;sid:84337884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474783)"; flow:established,from_client; content:"GET"; http_method; content:"/5mlnpif6pc.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474783/; classtype:trojan-activity;sid:84337883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474782)"; flow:established,from_client; content:"GET"; http_method; content:"/lvh6xvq3qm.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474782/; classtype:trojan-activity;sid:84337882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.75.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474781/; classtype:trojan-activity;sid:84337881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.120.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474780/; classtype:trojan-activity;sid:84337880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.236.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474779/; classtype:trojan-activity;sid:84337879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.241.176.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474778/; classtype:trojan-activity;sid:84337878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474777)"; flow:established,from_client; content:"GET"; http_method; content:"/gzfqdd4sro.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474777/; classtype:trojan-activity;sid:84337877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.226.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474776/; classtype:trojan-activity;sid:84337876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.250.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474775/; classtype:trojan-activity;sid:84337875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.116.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474774/; classtype:trojan-activity;sid:84337874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474773)"; flow:established,from_client; content:"GET"; http_method; content:"/30l8403ilt.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474773/; classtype:trojan-activity;sid:84337873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.73.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474772/; classtype:trojan-activity;sid:84337872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.4.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474771/; classtype:trojan-activity;sid:84337871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.138.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474770/; classtype:trojan-activity;sid:84337870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.234.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474769/; classtype:trojan-activity;sid:84337869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.116.94.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474768/; classtype:trojan-activity;sid:84337868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.75.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474765/; classtype:trojan-activity;sid:84337865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.120.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474766/; classtype:trojan-activity;sid:84337866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.241.176.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474767/; classtype:trojan-activity;sid:84337867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474764)"; flow:established,from_client; content:"GET"; http_method; content:"/n81p9yktig.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474764/; classtype:trojan-activity;sid:84337864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474763/; classtype:trojan-activity;sid:84337863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.38.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474762/; classtype:trojan-activity;sid:84337862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.249.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474761/; classtype:trojan-activity;sid:84337861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474758)"; flow:established,from_client; content:"GET"; http_method; content:"/namexer4all/evon-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474758/; classtype:trojan-activity;sid:84337858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474759)"; flow:established,from_client; content:"GET"; http_method; content:"/duduzx/como-ba/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474759/; classtype:trojan-activity;sid:84337859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474760)"; flow:established,from_client; content:"GET"; http_method; content:"/relic87/blox-fruits-script-roblox/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474760/; classtype:trojan-activity;sid:84337860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.115.47.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474757/; classtype:trojan-activity;sid:84337857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.226.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474756/; classtype:trojan-activity;sid:84337856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.226.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474755/; classtype:trojan-activity;sid:84337855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.4.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474754/; classtype:trojan-activity;sid:84337854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.116.94.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474753/; classtype:trojan-activity;sid:84337853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474752/; classtype:trojan-activity;sid:84337852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.80.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474751/; classtype:trojan-activity;sid:84337851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474750)"; flow:established,from_client; content:"GET"; http_method; content:"/pixxxxxss/roblox-celery/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474750/; classtype:trojan-activity;sid:84337850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474738)"; flow:established,from_client; content:"GET"; http_method; content:"/hoang24092003/arceus-executor/releases/download/v2.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474738/; classtype:trojan-activity;sid:84337838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474739)"; flow:established,from_client; content:"GET"; http_method; content:"/usert6964gj/delta-executor/releases/download/v2.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474739/; classtype:trojan-activity;sid:84337839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474740)"; flow:established,from_client; content:"GET"; http_method; content:"/amr414/roblox-celery/releases/download/v2.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474740/; classtype:trojan-activity;sid:84337840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474741)"; flow:established,from_client; content:"GET"; http_method; content:"/andrianlecita/roblox-nihon/releases/download/v2.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474741/; classtype:trojan-activity;sid:84337841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474742)"; flow:established,from_client; content:"GET"; http_method; content:"/newgenmightywarrior/nexus-roblox/releases/download/v2.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474742/; classtype:trojan-activity;sid:84337842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474743)"; flow:established,from_client; content:"GET"; http_method; content:"/chenjee/roblox-scriptify/releases/download/v2.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474743/; classtype:trojan-activity;sid:84337843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474744)"; flow:established,from_client; content:"GET"; http_method; content:"/doomzday4032/blox-fruits-autofarm/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474744/; classtype:trojan-activity;sid:84337844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474745)"; flow:established,from_client; content:"GET"; http_method; content:"/dalsaniyacoomercio/hydrogen-executor/releases/download/v2.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474745/; classtype:trojan-activity;sid:84337845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474746)"; flow:established,from_client; content:"GET"; http_method; content:"/juanvicthor/argon-executor/releases/download/v2.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474746/; classtype:trojan-activity;sid:84337846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474747)"; flow:established,from_client; content:"GET"; http_method; content:"/ozancici/synapse-x-roblox-free/releases/download/v2.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474747/; classtype:trojan-activity;sid:84337847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474748)"; flow:established,from_client; content:"GET"; http_method; content:"/pranayjha331/roblox-luna-executor/releases/download/v2.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474748/; classtype:trojan-activity;sid:84337848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474749)"; flow:established,from_client; content:"GET"; http_method; content:"/ishratali007/n3xus-scr1pt-r0bl0x/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474749/; classtype:trojan-activity;sid:84337849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.115.47.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474737/; classtype:trojan-activity;sid:84337837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474736)"; flow:established,from_client; content:"GET"; http_method; content:"/jsaavqkipi.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474736/; classtype:trojan-activity;sid:84337836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.120.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474735/; classtype:trojan-activity;sid:84337835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.156.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474734/; classtype:trojan-activity;sid:84337834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.160.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474733/; classtype:trojan-activity;sid:84337833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.159.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474732/; classtype:trojan-activity;sid:84337832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.242.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474730/; classtype:trojan-activity;sid:84337830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.56.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474731/; classtype:trojan-activity;sid:84337831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474726/; classtype:trojan-activity;sid:84337826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.175.180.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474727/; classtype:trojan-activity;sid:84337827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.225.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474728/; classtype:trojan-activity;sid:84337828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.148.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474729/; classtype:trojan-activity;sid:84337829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474725/; classtype:trojan-activity;sid:84337825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.63.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474724/; classtype:trojan-activity;sid:84337824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.85.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474723/; classtype:trojan-activity;sid:84337823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.95.145.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474722/; classtype:trojan-activity;sid:84337822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.141.224.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474721/; classtype:trojan-activity;sid:84337821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.93.35.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474720/; classtype:trojan-activity;sid:84337820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.6.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474719/; classtype:trojan-activity;sid:84337819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474718/; classtype:trojan-activity;sid:84337818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.149.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474717/; classtype:trojan-activity;sid:84337817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.103.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474716/; classtype:trojan-activity;sid:84337816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474715)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.244.6.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474715/; classtype:trojan-activity;sid:84337815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474712)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.244.6.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474712/; classtype:trojan-activity;sid:84337812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474713)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.244.6.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474713/; classtype:trojan-activity;sid:84337813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474714)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.244.6.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474714/; classtype:trojan-activity;sid:84337814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474711)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.244.6.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474711/; classtype:trojan-activity;sid:84337811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474705)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.244.6.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474705/; classtype:trojan-activity;sid:84337805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474706)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.244.6.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474706/; classtype:trojan-activity;sid:84337806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474707)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.244.6.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474707/; classtype:trojan-activity;sid:84337807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474708)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.244.6.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474708/; classtype:trojan-activity;sid:84337808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474709)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.244.6.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474709/; classtype:trojan-activity;sid:84337809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474710)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.35.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474710/; classtype:trojan-activity;sid:84337810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474704)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"147.45.47.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474704/; classtype:trojan-activity;sid:84337804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474703)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.pekyy.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474703/; classtype:trojan-activity;sid:84337803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.191.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474702/; classtype:trojan-activity;sid:84337802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.97.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474701/; classtype:trojan-activity;sid:84337801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474700)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf31125/pdf31125/downloads/document.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474700/; classtype:trojan-activity;sid:84337800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474697)"; flow:established,from_client; content:"GET"; http_method; content:"/gen-amful/apex-legends-external-cheat-hack-trigger-glow-aimbot-skin-more-hwid-spoofer/releases/download/v2.0/application.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474697/; classtype:trojan-activity;sid:84337797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474698)"; flow:established,from_client; content:"GET"; http_method; content:"/neomoneyapp/apex-legends-cheat-download/releases/download/v2.0/application.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474698/; classtype:trojan-activity;sid:84337798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474699)"; flow:established,from_client; content:"GET"; http_method; content:"/toxicmumo/hwid-spoofer-apex-valorant-warzone-rust-spoofer/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474699/; classtype:trojan-activity;sid:84337799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.164.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474696/; classtype:trojan-activity;sid:84337796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.120.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474695/; classtype:trojan-activity;sid:84337795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474694)"; flow:established,from_client; content:"GET"; http_method; content:"/1158vpjyw3.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474694/; classtype:trojan-activity;sid:84337794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.119.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474693/; classtype:trojan-activity;sid:84337793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474692)"; flow:established,from_client; content:"GET"; http_method; content:"/pijso4gx41.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474692/; classtype:trojan-activity;sid:84337792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.164.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474691/; classtype:trojan-activity;sid:84337791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.183.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474690/; classtype:trojan-activity;sid:84337790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.97.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474689/; classtype:trojan-activity;sid:84337789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.119.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474688/; classtype:trojan-activity;sid:84337788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.49.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474687/; classtype:trojan-activity;sid:84337787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.66.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474673/; classtype:trojan-activity;sid:84337773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474674)"; flow:established,from_client; content:"GET"; http_method; content:"/05032025/file"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474674/; classtype:trojan-activity;sid:84337774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474675)"; flow:established,from_client; content:"GET"; http_method; content:"/05032025/v"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474675/; classtype:trojan-activity;sid:84337775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474676)"; flow:established,from_client; content:"GET"; http_method; content:"/05032025/w9"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474676/; classtype:trojan-activity;sid:84337776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.62.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474677/; classtype:trojan-activity;sid:84337777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474678)"; flow:established,from_client; content:"GET"; http_method; content:"/05032025/r"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474678/; classtype:trojan-activity;sid:84337778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474679)"; flow:established,from_client; content:"GET"; http_method; content:"/05032025/w2"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474679/; classtype:trojan-activity;sid:84337779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474680)"; flow:established,from_client; content:"GET"; http_method; content:"/05032025/w8"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474680/; classtype:trojan-activity;sid:84337780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474681)"; flow:established,from_client; content:"GET"; http_method; content:"/05032025/w1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474681/; classtype:trojan-activity;sid:84337781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474682)"; flow:established,from_client; content:"GET"; http_method; content:"/05032025/w6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474682/; classtype:trojan-activity;sid:84337782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474683)"; flow:established,from_client; content:"GET"; http_method; content:"/05032025/w7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474683/; classtype:trojan-activity;sid:84337783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474684)"; flow:established,from_client; content:"GET"; http_method; content:"/05032025/s"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474684/; classtype:trojan-activity;sid:84337784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474685)"; flow:established,from_client; content:"GET"; http_method; content:"/05032025/instant"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474685/; classtype:trojan-activity;sid:84337785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474686)"; flow:established,from_client; content:"GET"; http_method; content:"/05032025/fsilloznch5xhjgxifby.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474686/; classtype:trojan-activity;sid:84337786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474672)"; flow:established,from_client; content:"GET"; http_method; content:"/05032025/w5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474672/; classtype:trojan-activity;sid:84337772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474670)"; flow:established,from_client; content:"GET"; http_method; content:"/05032025/extention"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474670/; classtype:trojan-activity;sid:84337770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474671)"; flow:established,from_client; content:"GET"; http_method; content:"/05032025/cn"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474671/; classtype:trojan-activity;sid:84337771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.222.235.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474669/; classtype:trojan-activity;sid:84337769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.137.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474668/; classtype:trojan-activity;sid:84337768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.243.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474667/; classtype:trojan-activity;sid:84337767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.159.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474666/; classtype:trojan-activity;sid:84337766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.30.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474665/; classtype:trojan-activity;sid:84337765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.176.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474664/; classtype:trojan-activity;sid:84337764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.66.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474663/; classtype:trojan-activity;sid:84337763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.243.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474662/; classtype:trojan-activity;sid:84337762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474654)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474654/; classtype:trojan-activity;sid:84337754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474655)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/mipsel"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474655/; classtype:trojan-activity;sid:84337755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474656)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.126.126.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474656/; classtype:trojan-activity;sid:84337756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474657)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.126.126.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474657/; classtype:trojan-activity;sid:84337757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474658)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.126.126.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474658/; classtype:trojan-activity;sid:84337758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474659)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.126.126.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474659/; classtype:trojan-activity;sid:84337759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474660)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.126.126.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474660/; classtype:trojan-activity;sid:84337760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.9.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474661/; classtype:trojan-activity;sid:84337761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.157.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474653/; classtype:trojan-activity;sid:84337753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.94.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474652/; classtype:trojan-activity;sid:84337752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.160.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474651/; classtype:trojan-activity;sid:84337751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.139.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474650/; classtype:trojan-activity;sid:84337750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.235.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474649/; classtype:trojan-activity;sid:84337749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.20.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474648/; classtype:trojan-activity;sid:84337748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474647)"; flow:established,from_client; content:"GET"; http_method; content:"/7yonlp2wdh.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474647/; classtype:trojan-activity;sid:84337747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.157.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474646/; classtype:trojan-activity;sid:84337746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.114.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474645/; classtype:trojan-activity;sid:84337745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.159.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474644/; classtype:trojan-activity;sid:84337744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.83.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474643/; classtype:trojan-activity;sid:84337743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.62.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474642/; classtype:trojan-activity;sid:84337742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.79.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474641/; classtype:trojan-activity;sid:84337741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.114.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474640/; classtype:trojan-activity;sid:84337740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474639)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.125.12.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474639/; classtype:trojan-activity;sid:84337739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.53.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474638/; classtype:trojan-activity;sid:84337738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474637)"; flow:established,from_client; content:"GET"; http_method; content:"/gogles-suter-x64.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"googlleaszxds.nyc3.cdn.digitaloceanspaces.com"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474637/; classtype:trojan-activity;sid:84337737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.20.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474636/; classtype:trojan-activity;sid:84337736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474635)"; flow:established,from_client; content:"GET"; http_method; content:"/soul/mind.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"moredoul.ydns.eu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474635/; classtype:trojan-activity;sid:84337735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.154.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474634/; classtype:trojan-activity;sid:84337734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.53.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474632/; classtype:trojan-activity;sid:84337732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.166.2.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474633/; classtype:trojan-activity;sid:84337733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.141.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474631/; classtype:trojan-activity;sid:84337731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.81.108.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474630/; classtype:trojan-activity;sid:84337730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.2.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474629/; classtype:trojan-activity;sid:84337729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.123.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474628/; classtype:trojan-activity;sid:84337728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.55.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474627/; classtype:trojan-activity;sid:84337727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474626)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_underhand.mp3"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474626/; classtype:trojan-activity;sid:84337726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.26.201"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474625/; classtype:trojan-activity;sid:84337725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.35.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474623/; classtype:trojan-activity;sid:84337723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.83.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474624/; classtype:trojan-activity;sid:84337724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.238.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474622/; classtype:trojan-activity;sid:84337722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474621/; classtype:trojan-activity;sid:84337721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.236.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474620/; classtype:trojan-activity;sid:84337720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474619)"; flow:established,from_client; content:"GET"; http_method; content:"/vre"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"systool.sytes.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474619/; classtype:trojan-activity;sid:84337719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.154.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474618/; classtype:trojan-activity;sid:84337718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.141.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474617/; classtype:trojan-activity;sid:84337717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.79.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474616/; classtype:trojan-activity;sid:84337716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.195.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474615/; classtype:trojan-activity;sid:84337715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.108.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474614/; classtype:trojan-activity;sid:84337714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474613)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_tapeless.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474613/; classtype:trojan-activity;sid:84337713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.103.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474612/; classtype:trojan-activity;sid:84337712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.70.84.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474611/; classtype:trojan-activity;sid:84337711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.238.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474610/; classtype:trojan-activity;sid:84337710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474609)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_statute.mp3"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474609/; classtype:trojan-activity;sid:84337709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474608/; classtype:trojan-activity;sid:84337708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474607)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.baruy.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474607/; classtype:trojan-activity;sid:84337707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474606)"; flow:established,from_client; content:"GET"; http_method; content:"/xfodnvishvkshu/fedora.bat"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"rushingnews.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474606/; classtype:trojan-activity;sid:84337706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.154.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474605/; classtype:trojan-activity;sid:84337705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.79.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474604/; classtype:trojan-activity;sid:84337704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474603)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_sandlot.mp3"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474603/; classtype:trojan-activity;sid:84337703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.131.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474602/; classtype:trojan-activity;sid:84337702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.195.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474601/; classtype:trojan-activity;sid:84337701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474600)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_backspace.mp3"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474600/; classtype:trojan-activity;sid:84337700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.161.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474599/; classtype:trojan-activity;sid:84337699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.18.175"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474598/; classtype:trojan-activity;sid:84337698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.8.180"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474597/; classtype:trojan-activity;sid:84337697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.143.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474596/; classtype:trojan-activity;sid:84337696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.240.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474595/; classtype:trojan-activity;sid:84337695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.18.253.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474594/; classtype:trojan-activity;sid:84337694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.115.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474593/; classtype:trojan-activity;sid:84337693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.251.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474592/; classtype:trojan-activity;sid:84337692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.157.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474591/; classtype:trojan-activity;sid:84337691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474590)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.hixya.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474590/; classtype:trojan-activity;sid:84337690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.251.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474589/; classtype:trojan-activity;sid:84337689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.240.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474588/; classtype:trojan-activity;sid:84337688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474587/; classtype:trojan-activity;sid:84337687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.59.100.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474586/; classtype:trojan-activity;sid:84337686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.143.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474584/; classtype:trojan-activity;sid:84337684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.176.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474585/; classtype:trojan-activity;sid:84337685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.59.100.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474583/; classtype:trojan-activity;sid:84337683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.8.180"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474582/; classtype:trojan-activity;sid:84337682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474581)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/kaniki.spc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474581/; classtype:trojan-activity;sid:84337681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474580)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/kaniki.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474580/; classtype:trojan-activity;sid:84337680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474579)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_undertook.mp3"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474579/; classtype:trojan-activity;sid:84337679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474578)"; flow:established,from_client; content:"GET"; http_method; content:"/nimips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474578/; classtype:trojan-activity;sid:84337678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474576)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/kaniki.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474576/; classtype:trojan-activity;sid:84337676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474577)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474577/; classtype:trojan-activity;sid:84337677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474575)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474575/; classtype:trojan-activity;sid:84337675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474574)"; flow:established,from_client; content:"GET"; http_method; content:"/kbdtam99.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"reliefmdlabs.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474574/; classtype:trojan-activity;sid:84337674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474572)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fis.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"rasin.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474572/; classtype:trojan-activity;sid:84337672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474573)"; flow:established,from_client; content:"GET"; http_method; content:"/files/original.js"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"rasin.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474573/; classtype:trojan-activity;sid:84337673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474571)"; flow:established,from_client; content:"GET"; http_method; content:"/files/index.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"rasin.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474571/; classtype:trojan-activity;sid:84337671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474561)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474561/; classtype:trojan-activity;sid:84337661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474562)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474562/; classtype:trojan-activity;sid:84337662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474563)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474563/; classtype:trojan-activity;sid:84337663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474564)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474564/; classtype:trojan-activity;sid:84337664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474565)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474565/; classtype:trojan-activity;sid:84337665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474566)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474566/; classtype:trojan-activity;sid:84337666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474567)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474567/; classtype:trojan-activity;sid:84337667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474568)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474568/; classtype:trojan-activity;sid:84337668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474569)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474569/; classtype:trojan-activity;sid:84337669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474570)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"104.168.101.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474570/; classtype:trojan-activity;sid:84337670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.204.97.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474560/; classtype:trojan-activity;sid:84337660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.89.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474559/; classtype:trojan-activity;sid:84337659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474558)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.zeboa.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474558/; classtype:trojan-activity;sid:84337658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474546)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474546/; classtype:trojan-activity;sid:84337646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474547)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/arc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474547/; classtype:trojan-activity;sid:84337647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474548)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/powerpc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474548/; classtype:trojan-activity;sid:84337648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474549)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/mipsel"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474549/; classtype:trojan-activity;sid:84337649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474550)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474550/; classtype:trojan-activity;sid:84337650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474551)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/riscv32"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474551/; classtype:trojan-activity;sid:84337651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474552)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474552/; classtype:trojan-activity;sid:84337652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474553)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474553/; classtype:trojan-activity;sid:84337653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474554)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474554/; classtype:trojan-activity;sid:84337654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474555)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv4eb"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474555/; classtype:trojan-activity;sid:84337655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474556)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474556/; classtype:trojan-activity;sid:84337656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474557)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/sparc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.142.53.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474557/; classtype:trojan-activity;sid:84337657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.25.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474545/; classtype:trojan-activity;sid:84337645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474544)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.didey.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474544/; classtype:trojan-activity;sid:84337644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.252.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474543/; classtype:trojan-activity;sid:84337643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474542)"; flow:established,from_client; content:"GET"; http_method; content:"/clouds.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cloudymap.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474542/; classtype:trojan-activity;sid:84337642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.196.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474541/; classtype:trojan-activity;sid:84337641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.50.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474540/; classtype:trojan-activity;sid:84337640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.89.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474538/; classtype:trojan-activity;sid:84337638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.66.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474539/; classtype:trojan-activity;sid:84337639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.157.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474537/; classtype:trojan-activity;sid:84337637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.37.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474536/; classtype:trojan-activity;sid:84337636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.79.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474535/; classtype:trojan-activity;sid:84337635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.128.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474534/; classtype:trojan-activity;sid:84337634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.154.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474533/; classtype:trojan-activity;sid:84337633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.85.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474532/; classtype:trojan-activity;sid:84337632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474531/; classtype:trojan-activity;sid:84337631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.79.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474529/; classtype:trojan-activity;sid:84337629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474530)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_stamina.mp3"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474530/; classtype:trojan-activity;sid:84337630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.50.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474528/; classtype:trojan-activity;sid:84337628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.157.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474527/; classtype:trojan-activity;sid:84337627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.128.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474526/; classtype:trojan-activity;sid:84337626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.37.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474525/; classtype:trojan-activity;sid:84337625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.251.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474524/; classtype:trojan-activity;sid:84337624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474523/; classtype:trojan-activity;sid:84337623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.154.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474522/; classtype:trojan-activity;sid:84337622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.26.113.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474521/; classtype:trojan-activity;sid:84337621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.122.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474520/; classtype:trojan-activity;sid:84337620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.131.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474519/; classtype:trojan-activity;sid:84337619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.72.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474518/; classtype:trojan-activity;sid:84337618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.29.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474517/; classtype:trojan-activity;sid:84337617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.173.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474515/; classtype:trojan-activity;sid:84337615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.196.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474516/; classtype:trojan-activity;sid:84337616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.254.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474514/; classtype:trojan-activity;sid:84337614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.194.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474513/; classtype:trojan-activity;sid:84337613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.191.83.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474512/; classtype:trojan-activity;sid:84337612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474511/; classtype:trojan-activity;sid:84337611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.160.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474510/; classtype:trojan-activity;sid:84337610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.107.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474509/; classtype:trojan-activity;sid:84337609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.102.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474508/; classtype:trojan-activity;sid:84337608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.122.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474507/; classtype:trojan-activity;sid:84337607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.65.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474506/; classtype:trojan-activity;sid:84337606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.107.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474505/; classtype:trojan-activity;sid:84337605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.131.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474504/; classtype:trojan-activity;sid:84337604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.203.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474503/; classtype:trojan-activity;sid:84337603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474502)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.249.156.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474502/; classtype:trojan-activity;sid:84337602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.173.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474501/; classtype:trojan-activity;sid:84337601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.26.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474500/; classtype:trojan-activity;sid:84337600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.97.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474499/; classtype:trojan-activity;sid:84337599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.2.171.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474490/; classtype:trojan-activity;sid:84337590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.123.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474491/; classtype:trojan-activity;sid:84337591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.149.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474492/; classtype:trojan-activity;sid:84337592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.48.66.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474493/; classtype:trojan-activity;sid:84337593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474494/; classtype:trojan-activity;sid:84337594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474495/; classtype:trojan-activity;sid:84337595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474496/; classtype:trojan-activity;sid:84337596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.98.36.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474497/; classtype:trojan-activity;sid:84337597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.0.216.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474498/; classtype:trojan-activity;sid:84337598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.165.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474489/; classtype:trojan-activity;sid:84337589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.30.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474487/; classtype:trojan-activity;sid:84337587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.35.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474488/; classtype:trojan-activity;sid:84337588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.29.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474486/; classtype:trojan-activity;sid:84337586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.60.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474485/; classtype:trojan-activity;sid:84337585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474484)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_spiny.mp3"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474484/; classtype:trojan-activity;sid:84337584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.191.83.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474483/; classtype:trojan-activity;sid:84337583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.201.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474481/; classtype:trojan-activity;sid:84337581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.100.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474482/; classtype:trojan-activity;sid:84337582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.97.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474480/; classtype:trojan-activity;sid:84337580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.254.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474479/; classtype:trojan-activity;sid:84337579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.103.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474478/; classtype:trojan-activity;sid:84337578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.185.73.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474477/; classtype:trojan-activity;sid:84337577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.221.91.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474476/; classtype:trojan-activity;sid:84337576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.201.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474475/; classtype:trojan-activity;sid:84337575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.26.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474474/; classtype:trojan-activity;sid:84337574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.173.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474473/; classtype:trojan-activity;sid:84337573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474470/; classtype:trojan-activity;sid:84337570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.189.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474471/; classtype:trojan-activity;sid:84337571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.80.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474472/; classtype:trojan-activity;sid:84337572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.203.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474469/; classtype:trojan-activity;sid:84337569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474468/; classtype:trojan-activity;sid:84337568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.55.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474467/; classtype:trojan-activity;sid:84337567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.31.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474466/; classtype:trojan-activity;sid:84337566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.97.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474465/; classtype:trojan-activity;sid:84337565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.212.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474464/; classtype:trojan-activity;sid:84337564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.97.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474463/; classtype:trojan-activity;sid:84337563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.60.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474462/; classtype:trojan-activity;sid:84337562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.245.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474461/; classtype:trojan-activity;sid:84337561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.65.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474460/; classtype:trojan-activity;sid:84337560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474458/; classtype:trojan-activity;sid:84337558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.103.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474459/; classtype:trojan-activity;sid:84337559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.88.243.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474457/; classtype:trojan-activity;sid:84337557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.185.73.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474456/; classtype:trojan-activity;sid:84337556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.221.91.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474455/; classtype:trojan-activity;sid:84337555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.10.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474454/; classtype:trojan-activity;sid:84337554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.136.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474453/; classtype:trojan-activity;sid:84337553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.189.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474452/; classtype:trojan-activity;sid:84337552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474451/; classtype:trojan-activity;sid:84337551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.174.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474450/; classtype:trojan-activity;sid:84337550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.100.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474449/; classtype:trojan-activity;sid:84337549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.31.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474448/; classtype:trojan-activity;sid:84337548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.245.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474447/; classtype:trojan-activity;sid:84337547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.194.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474446/; classtype:trojan-activity;sid:84337546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.10.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474445/; classtype:trojan-activity;sid:84337545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.64.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474444/; classtype:trojan-activity;sid:84337544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.80.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474443/; classtype:trojan-activity;sid:84337543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.214.245.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474442/; classtype:trojan-activity;sid:84337542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.5.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474441/; classtype:trojan-activity;sid:84337541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.155.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474440/; classtype:trojan-activity;sid:84337540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.87.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474439/; classtype:trojan-activity;sid:84337539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.194.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474438/; classtype:trojan-activity;sid:84337538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.90.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474436/; classtype:trojan-activity;sid:84337536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.233.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474437/; classtype:trojan-activity;sid:84337537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.94.142.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474435/; classtype:trojan-activity;sid:84337535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.99.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474434/; classtype:trojan-activity;sid:84337534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474433/; classtype:trojan-activity;sid:84337533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.64.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474432/; classtype:trojan-activity;sid:84337532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.174.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474431/; classtype:trojan-activity;sid:84337531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474430/; classtype:trojan-activity;sid:84337530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.169.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474429/; classtype:trojan-activity;sid:84337529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.142.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474428/; classtype:trojan-activity;sid:84337528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.222.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474427/; classtype:trojan-activity;sid:84337527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.30.171"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474426/; classtype:trojan-activity;sid:84337526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.155.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474425/; classtype:trojan-activity;sid:84337525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.94.142.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474424/; classtype:trojan-activity;sid:84337524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474422/; classtype:trojan-activity;sid:84337522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.122.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474423/; classtype:trojan-activity;sid:84337523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.99.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474421/; classtype:trojan-activity;sid:84337521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.158.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474420/; classtype:trojan-activity;sid:84337520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.90.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474419/; classtype:trojan-activity;sid:84337519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.173.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474418/; classtype:trojan-activity;sid:84337518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.8.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474417/; classtype:trojan-activity;sid:84337517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474416/; classtype:trojan-activity;sid:84337516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.141.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474414/; classtype:trojan-activity;sid:84337514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.207.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474415/; classtype:trojan-activity;sid:84337515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474413/; classtype:trojan-activity;sid:84337513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.45.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474412/; classtype:trojan-activity;sid:84337512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.169.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474411/; classtype:trojan-activity;sid:84337511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.216.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474410/; classtype:trojan-activity;sid:84337510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.117.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474409/; classtype:trojan-activity;sid:84337509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.176.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474408/; classtype:trojan-activity;sid:84337508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.116.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474407/; classtype:trojan-activity;sid:84337507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.170.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474406/; classtype:trojan-activity;sid:84337506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.122.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474405/; classtype:trojan-activity;sid:84337505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.31.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474404/; classtype:trojan-activity;sid:84337504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.7.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474403/; classtype:trojan-activity;sid:84337503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.108.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474402/; classtype:trojan-activity;sid:84337502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.207.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474401/; classtype:trojan-activity;sid:84337501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.173.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474400/; classtype:trojan-activity;sid:84337500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.91.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474399/; classtype:trojan-activity;sid:84337499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.176.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474398/; classtype:trojan-activity;sid:84337498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.116.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474397/; classtype:trojan-activity;sid:84337497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.91.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474396/; classtype:trojan-activity;sid:84337496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.208.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474395/; classtype:trojan-activity;sid:84337495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.55.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474394/; classtype:trojan-activity;sid:84337494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.109.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474393/; classtype:trojan-activity;sid:84337493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.135.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474392/; classtype:trojan-activity;sid:84337492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.196.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474391/; classtype:trojan-activity;sid:84337491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.53.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474390/; classtype:trojan-activity;sid:84337490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.18.175"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474389/; classtype:trojan-activity;sid:84337489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.132.95.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474388/; classtype:trojan-activity;sid:84337488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.179.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474387/; classtype:trojan-activity;sid:84337487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.48.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474386/; classtype:trojan-activity;sid:84337486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474385/; classtype:trojan-activity;sid:84337485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.196.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474384/; classtype:trojan-activity;sid:84337484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474382/; classtype:trojan-activity;sid:84337482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474383/; classtype:trojan-activity;sid:84337483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.105.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474381/; classtype:trojan-activity;sid:84337481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474380/; classtype:trojan-activity;sid:84337480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.243.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474379/; classtype:trojan-activity;sid:84337479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.64.113.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474377/; classtype:trojan-activity;sid:84337477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.73.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474378/; classtype:trojan-activity;sid:84337478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.67.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474376/; classtype:trojan-activity;sid:84337476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.236.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474375/; classtype:trojan-activity;sid:84337475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.172.0.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474374/; classtype:trojan-activity;sid:84337474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.208.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474373/; classtype:trojan-activity;sid:84337473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.221.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474372/; classtype:trojan-activity;sid:84337472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.26.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474371/; classtype:trojan-activity;sid:84337471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.55.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474369/; classtype:trojan-activity;sid:84337469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.141.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474370/; classtype:trojan-activity;sid:84337470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.201.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474368/; classtype:trojan-activity;sid:84337468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.33.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474367/; classtype:trojan-activity;sid:84337467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.238.95.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474366/; classtype:trojan-activity;sid:84337466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.135.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474364/; classtype:trojan-activity;sid:84337464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.175.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474365/; classtype:trojan-activity;sid:84337465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.48.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474363/; classtype:trojan-activity;sid:84337463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.87.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474362/; classtype:trojan-activity;sid:84337462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474361/; classtype:trojan-activity;sid:84337461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.179.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474360/; classtype:trojan-activity;sid:84337460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474359)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"138.197.122.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474359/; classtype:trojan-activity;sid:84337459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474356)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.197.122.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474356/; classtype:trojan-activity;sid:84337456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474357)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.197.122.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474357/; classtype:trojan-activity;sid:84337457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474358)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.superh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"138.197.122.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474358/; classtype:trojan-activity;sid:84337458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474352)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"138.197.122.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474352/; classtype:trojan-activity;sid:84337452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474353)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.197.122.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474353/; classtype:trojan-activity;sid:84337453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474354)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.197.122.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474354/; classtype:trojan-activity;sid:84337454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474355)"; flow:established,from_client; content:"GET"; http_method; content:"/sync.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.197.122.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474355/; classtype:trojan-activity;sid:84337455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.208.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474351/; classtype:trojan-activity;sid:84337451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.108.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474350/; classtype:trojan-activity;sid:84337450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.180.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474349/; classtype:trojan-activity;sid:84337449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.95.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474348/; classtype:trojan-activity;sid:84337448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474347/; classtype:trojan-activity;sid:84337447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.135.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474346/; classtype:trojan-activity;sid:84337446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.118.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474345/; classtype:trojan-activity;sid:84337445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.29.146.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474344/; classtype:trojan-activity;sid:84337444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.177.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474343/; classtype:trojan-activity;sid:84337443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.157.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474342/; classtype:trojan-activity;sid:84337442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.55.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474341/; classtype:trojan-activity;sid:84337441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.1.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474340/; classtype:trojan-activity;sid:84337440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.146.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474339/; classtype:trojan-activity;sid:84337439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.241.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474338/; classtype:trojan-activity;sid:84337438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.175.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474337/; classtype:trojan-activity;sid:84337437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.33.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474336/; classtype:trojan-activity;sid:84337436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.156.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474335/; classtype:trojan-activity;sid:84337435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.87.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474334/; classtype:trojan-activity;sid:84337434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.157.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474333/; classtype:trojan-activity;sid:84337433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474332/; classtype:trojan-activity;sid:84337432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474331/; classtype:trojan-activity;sid:84337431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.157.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474330/; classtype:trojan-activity;sid:84337430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.91.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474329/; classtype:trojan-activity;sid:84337429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.1.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474328/; classtype:trojan-activity;sid:84337428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.149.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474327/; classtype:trojan-activity;sid:84337427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.146.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474326/; classtype:trojan-activity;sid:84337426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.112.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474324/; classtype:trojan-activity;sid:84337424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474325/; classtype:trojan-activity;sid:84337425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.9.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474323/; classtype:trojan-activity;sid:84337423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.156.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474322/; classtype:trojan-activity;sid:84337422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.12.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474321/; classtype:trojan-activity;sid:84337421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.250.6.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474320/; classtype:trojan-activity;sid:84337420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.91.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474319/; classtype:trojan-activity;sid:84337419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.33.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474317/; classtype:trojan-activity;sid:84337417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.195.7.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474318/; classtype:trojan-activity;sid:84337418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.35.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474316/; classtype:trojan-activity;sid:84337416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.0.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474315/; classtype:trojan-activity;sid:84337415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.33.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474314/; classtype:trojan-activity;sid:84337414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.12.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474313/; classtype:trojan-activity;sid:84337413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.84.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474312/; classtype:trojan-activity;sid:84337412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.138.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474311/; classtype:trojan-activity;sid:84337411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.156.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474310/; classtype:trojan-activity;sid:84337410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474304)"; flow:established,from_client; content:"GET"; http_method; content:"/re.bot.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474304/; classtype:trojan-activity;sid:84337404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474305)"; flow:established,from_client; content:"GET"; http_method; content:"/re.bot.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474305/; classtype:trojan-activity;sid:84337405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474306)"; flow:established,from_client; content:"GET"; http_method; content:"/re.bot.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474306/; classtype:trojan-activity;sid:84337406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474307)"; flow:established,from_client; content:"GET"; http_method; content:"/re.bot.aarch64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474307/; classtype:trojan-activity;sid:84337407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.82.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474308/; classtype:trojan-activity;sid:84337408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474309)"; flow:established,from_client; content:"GET"; http_method; content:"/re.bot.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474309/; classtype:trojan-activity;sid:84337409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474303)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474303/; classtype:trojan-activity;sid:84337403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474302)"; flow:established,from_client; content:"GET"; http_method; content:"/re.bot.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474302/; classtype:trojan-activity;sid:84337402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474301/; classtype:trojan-activity;sid:84337401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.195.7.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474300/; classtype:trojan-activity;sid:84337400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.35.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474299/; classtype:trojan-activity;sid:84337399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.162.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474298/; classtype:trojan-activity;sid:84337398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.213.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474297/; classtype:trojan-activity;sid:84337397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.144.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474296/; classtype:trojan-activity;sid:84337396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.106.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474295/; classtype:trojan-activity;sid:84337395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.115.170.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474294/; classtype:trojan-activity;sid:84337394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.90.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474293/; classtype:trojan-activity;sid:84337393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.82.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474292/; classtype:trojan-activity;sid:84337392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.56.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474291/; classtype:trojan-activity;sid:84337391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.117.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474290/; classtype:trojan-activity;sid:84337390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.108.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474287/; classtype:trojan-activity;sid:84337387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.77.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474288/; classtype:trojan-activity;sid:84337388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.124.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474289/; classtype:trojan-activity;sid:84337389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.93.47.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474286/; classtype:trojan-activity;sid:84337386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.132.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474284/; classtype:trojan-activity;sid:84337384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.245.115.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474285/; classtype:trojan-activity;sid:84337385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.162.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474283/; classtype:trojan-activity;sid:84337383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.200.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474282/; classtype:trojan-activity;sid:84337382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.148.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474281/; classtype:trojan-activity;sid:84337381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.144.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474280/; classtype:trojan-activity;sid:84337380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.204.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474279/; classtype:trojan-activity;sid:84337379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.170.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474278/; classtype:trojan-activity;sid:84337378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.11.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474277/; classtype:trojan-activity;sid:84337377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.245.115.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474276/; classtype:trojan-activity;sid:84337376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474275/; classtype:trojan-activity;sid:84337375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.224.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474274/; classtype:trojan-activity;sid:84337374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.68.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474273/; classtype:trojan-activity;sid:84337373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474272)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.vevou.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474272/; classtype:trojan-activity;sid:84337372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.200.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474271/; classtype:trojan-activity;sid:84337371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.11.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474270/; classtype:trojan-activity;sid:84337370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.148.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474269/; classtype:trojan-activity;sid:84337369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.82.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474268/; classtype:trojan-activity;sid:84337368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.15.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474267/; classtype:trojan-activity;sid:84337367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.90.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474266/; classtype:trojan-activity;sid:84337366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474261/; classtype:trojan-activity;sid:84337361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.3.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474262/; classtype:trojan-activity;sid:84337362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.68.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474263/; classtype:trojan-activity;sid:84337363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.250.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474264/; classtype:trojan-activity;sid:84337364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.0.217.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474265/; classtype:trojan-activity;sid:84337365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.72.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474260/; classtype:trojan-activity;sid:84337360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.113.175.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474259/; classtype:trojan-activity;sid:84337359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474258/; classtype:trojan-activity;sid:84337358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.42.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474257/; classtype:trojan-activity;sid:84337357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.233.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474255/; classtype:trojan-activity;sid:84337355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.219.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474256/; classtype:trojan-activity;sid:84337356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.212.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474254/; classtype:trojan-activity;sid:84337354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.16.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474253/; classtype:trojan-activity;sid:84337353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.219.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474252/; classtype:trojan-activity;sid:84337352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.225.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474250/; classtype:trojan-activity;sid:84337350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.184.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474251/; classtype:trojan-activity;sid:84337351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.15.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474249/; classtype:trojan-activity;sid:84337349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.84.212.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474248/; classtype:trojan-activity;sid:84337348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.204.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474247/; classtype:trojan-activity;sid:84337347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.123.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474246/; classtype:trojan-activity;sid:84337346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.223.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474245/; classtype:trojan-activity;sid:84337345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.190.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474244/; classtype:trojan-activity;sid:84337344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.210.34.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474243/; classtype:trojan-activity;sid:84337343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.184.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474242/; classtype:trojan-activity;sid:84337342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.148.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474241/; classtype:trojan-activity;sid:84337341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.123.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474240/; classtype:trojan-activity;sid:84337340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.165.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474239/; classtype:trojan-activity;sid:84337339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.190.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474238/; classtype:trojan-activity;sid:84337338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.31.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474237/; classtype:trojan-activity;sid:84337337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.34.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474236/; classtype:trojan-activity;sid:84337336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.251.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474235/; classtype:trojan-activity;sid:84337335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.96.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474234/; classtype:trojan-activity;sid:84337334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.223.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474233/; classtype:trojan-activity;sid:84337333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.52.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474232/; classtype:trojan-activity;sid:84337332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.187.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474231/; classtype:trojan-activity;sid:84337331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.148.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474230/; classtype:trojan-activity;sid:84337330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.166.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474229/; classtype:trojan-activity;sid:84337329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.52.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474228/; classtype:trojan-activity;sid:84337328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.229.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474227/; classtype:trojan-activity;sid:84337327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.70.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474226/; classtype:trojan-activity;sid:84337326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.96.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474225/; classtype:trojan-activity;sid:84337325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.152.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474224/; classtype:trojan-activity;sid:84337324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.196.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474223/; classtype:trojan-activity;sid:84337323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.229.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474222/; classtype:trojan-activity;sid:84337322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.166.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474221/; classtype:trojan-activity;sid:84337321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.251.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474219/; classtype:trojan-activity;sid:84337319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.82.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474220/; classtype:trojan-activity;sid:84337320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.24.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474218/; classtype:trojan-activity;sid:84337318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.221.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474217/; classtype:trojan-activity;sid:84337317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.140.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474216/; classtype:trojan-activity;sid:84337316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474215/; classtype:trojan-activity;sid:84337315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.163.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474214/; classtype:trojan-activity;sid:84337314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.70.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474213/; classtype:trojan-activity;sid:84337313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.166.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474212/; classtype:trojan-activity;sid:84337312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.118.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474211/; classtype:trojan-activity;sid:84337311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.82.227.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474210/; classtype:trojan-activity;sid:84337310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.234.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474209/; classtype:trojan-activity;sid:84337309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.154.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474207/; classtype:trojan-activity;sid:84337307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.90.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474208/; classtype:trojan-activity;sid:84337308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474206)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_recoil.mp3"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474206/; classtype:trojan-activity;sid:84337306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.163.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474205/; classtype:trojan-activity;sid:84337305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.74.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474203/; classtype:trojan-activity;sid:84337303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.84.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474204/; classtype:trojan-activity;sid:84337304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.216.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474202/; classtype:trojan-activity;sid:84337302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.87.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474201/; classtype:trojan-activity;sid:84337301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.187.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474200/; classtype:trojan-activity;sid:84337300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.74.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474199/; classtype:trojan-activity;sid:84337299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.118.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474198/; classtype:trojan-activity;sid:84337298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.81.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474197/; classtype:trojan-activity;sid:84337297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.234.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474196/; classtype:trojan-activity;sid:84337296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.149.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474195/; classtype:trojan-activity;sid:84337295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.154.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474194/; classtype:trojan-activity;sid:84337294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.35.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474193/; classtype:trojan-activity;sid:84337293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.161.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474192/; classtype:trojan-activity;sid:84337292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.84.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474191/; classtype:trojan-activity;sid:84337291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.87.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474190/; classtype:trojan-activity;sid:84337290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.149.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474189/; classtype:trojan-activity;sid:84337289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.28.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474188/; classtype:trojan-activity;sid:84337288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.50.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474187/; classtype:trojan-activity;sid:84337287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.148.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474186/; classtype:trojan-activity;sid:84337286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.71.118.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474174/; classtype:trojan-activity;sid:84337274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474175/; classtype:trojan-activity;sid:84337275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474176/; classtype:trojan-activity;sid:84337276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474177/; classtype:trojan-activity;sid:84337277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.35.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474178/; classtype:trojan-activity;sid:84337278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.68.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474179/; classtype:trojan-activity;sid:84337279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474180/; classtype:trojan-activity;sid:84337280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.22.160.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474181/; classtype:trojan-activity;sid:84337281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.22.160.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474182/; classtype:trojan-activity;sid:84337282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.155.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474183/; classtype:trojan-activity;sid:84337283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474184/; classtype:trojan-activity;sid:84337284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.25.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474185/; classtype:trojan-activity;sid:84337285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.253.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474173/; classtype:trojan-activity;sid:84337273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474172/; classtype:trojan-activity;sid:84337272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.0.82"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474171/; classtype:trojan-activity;sid:84337271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474170/; classtype:trojan-activity;sid:84337270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.162.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474169/; classtype:trojan-activity;sid:84337269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.243.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474164/; classtype:trojan-activity;sid:84337264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.225.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474165/; classtype:trojan-activity;sid:84337265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.13.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474166/; classtype:trojan-activity;sid:84337266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.75.163.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474167/; classtype:trojan-activity;sid:84337267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.201.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474168/; classtype:trojan-activity;sid:84337268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.216.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474163/; classtype:trojan-activity;sid:84337263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.40.81.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474162/; classtype:trojan-activity;sid:84337262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474161)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_radiance.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474161/; classtype:trojan-activity;sid:84337261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.9.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474160/; classtype:trojan-activity;sid:84337260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.193.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474159/; classtype:trojan-activity;sid:84337259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.235.180.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474157/; classtype:trojan-activity;sid:84337257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.199.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474158/; classtype:trojan-activity;sid:84337258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.243.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474156/; classtype:trojan-activity;sid:84337256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.148.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474155/; classtype:trojan-activity;sid:84337255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.50.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474154/; classtype:trojan-activity;sid:84337254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.216.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474153/; classtype:trojan-activity;sid:84337253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.155.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474152/; classtype:trojan-activity;sid:84337252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.56.205.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474151/; classtype:trojan-activity;sid:84337251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.40.81.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474150/; classtype:trojan-activity;sid:84337250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.213.179.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474149/; classtype:trojan-activity;sid:84337249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.174.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474148/; classtype:trojan-activity;sid:84337248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.12.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474147/; classtype:trojan-activity;sid:84337247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.233.58.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474146/; classtype:trojan-activity;sid:84337246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.151.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474145/; classtype:trojan-activity;sid:84337245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.235.180.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474144/; classtype:trojan-activity;sid:84337244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474143)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.dovoo.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474143/; classtype:trojan-activity;sid:84337243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.56.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474142/; classtype:trojan-activity;sid:84337242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.115.65.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474141/; classtype:trojan-activity;sid:84337241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.243.152.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474140/; classtype:trojan-activity;sid:84337240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.151.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474139/; classtype:trojan-activity;sid:84337239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474136)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/tgt65hk2h8vsbrn/skeletal.bin/file"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474136/; classtype:trojan-activity;sid:84337236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474137)"; flow:established,from_client; content:"GET"; http_method; content:"/file/1776871603.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lebron18shoes.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474137/; classtype:trojan-activity;sid:84337237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474138)"; flow:established,from_client; content:"GET"; http_method; content:"/yo_3316_34.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"halfselftda.b-cdn.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474138/; classtype:trojan-activity;sid:84337238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474135)"; flow:established,from_client; content:"GET"; http_method; content:"/phonerlite.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"95.163.176.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474135/; classtype:trojan-activity;sid:84337235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474133)"; flow:established,from_client; content:"GET"; http_method; content:"/deripascod/coderoom/raw/refs/heads/main/thawdtyh.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474133/; classtype:trojan-activity;sid:84337233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474134)"; flow:established,from_client; content:"GET"; http_method; content:"/deripascod/coderoom/raw/refs/heads/main/nyoilsafkjawd.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474134/; classtype:trojan-activity;sid:84337234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474132)"; flow:established,from_client; content:"GET"; http_method; content:"/deripascod/coderoom/raw/refs/heads/main/crossings.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474132/; classtype:trojan-activity;sid:84337232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474129)"; flow:established,from_client; content:"GET"; http_method; content:"/zoopakilla/goldage3atom68k"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474129/; classtype:trojan-activity;sid:84337229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.105.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474130/; classtype:trojan-activity;sid:84337230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474131)"; flow:established,from_client; content:"GET"; http_method; content:"/deripascod/coderoom/raw/refs/heads/main/boilfdsefsq.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474131/; classtype:trojan-activity;sid:84337231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474121)"; flow:established,from_client; content:"GET"; http_method; content:"/zoopakilla/goldage3atox86"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474121/; classtype:trojan-activity;sid:84337221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474122)"; flow:established,from_client; content:"GET"; http_method; content:"/zoopakilla/goldage3atospc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474122/; classtype:trojan-activity;sid:84337222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474123)"; flow:established,from_client; content:"GET"; http_method; content:"/zoopakilla/goldage3atomips"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474123/; classtype:trojan-activity;sid:84337223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474124)"; flow:established,from_client; content:"GET"; http_method; content:"/zoopakilla/goldage3atoppc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474124/; classtype:trojan-activity;sid:84337224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474125)"; flow:established,from_client; content:"GET"; http_method; content:"/zoopakilla/goldage3atoarm6"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474125/; classtype:trojan-activity;sid:84337225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474126)"; flow:established,from_client; content:"GET"; http_method; content:"/zoopakilla/goldage3atosh4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474126/; classtype:trojan-activity;sid:84337226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474127)"; flow:established,from_client; content:"GET"; http_method; content:"/zoopakilla/goldage3atompsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474127/; classtype:trojan-activity;sid:84337227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474128)"; flow:established,from_client; content:"GET"; http_method; content:"/zoopakilla/goldage3atoarm"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474128/; classtype:trojan-activity;sid:84337228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474114)"; flow:established,from_client; content:"GET"; http_method; content:"/file/4u8rcu93kedd6ys/fusionhacks.rar/file|3f|dkey=87nwt179gwk|7c|26|7c|r=808"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474114/; classtype:trojan-activity;sid:84337214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474115)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xlect7ofhlj53g2/softv1.81.zip/file|3f|dkey=h7smf05pc1d|7c|26|7c|r=920"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474115/; classtype:trojan-activity;sid:84337215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474116)"; flow:established,from_client; content:"GET"; http_method; content:"/file/pqeghzro0fgchcp/galaxysoft.zip/file|3f|dkey=r8r1ijghrsy|7c|26|7c|r=1966"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474116/; classtype:trojan-activity;sid:84337216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474117)"; flow:established,from_client; content:"GET"; http_method; content:"/file/4u8rcu93kedd6ys/fusionhacks.rar/file|3f|dkey=7xzhz4akrjs|7c|26|7c|r=1690"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474117/; classtype:trojan-activity;sid:84337217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474118)"; flow:established,from_client; content:"GET"; http_method; content:"/file/o4eukuanbpm3m1o/fusionhacks.zip/file|3f|dkey=wntszbc68dv|7c|26|7c|r=88"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474118/; classtype:trojan-activity;sid:84337218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474119)"; flow:established,from_client; content:"GET"; http_method; content:"/file/4595dqsykjkh0c7/xsetup.zip/file|3f|dkey=lhqr8aqup6j|7c|26|7c|r=1161"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474119/; classtype:trojan-activity;sid:84337219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474120)"; flow:established,from_client; content:"GET"; http_method; content:"/zoopakilla/goldage3atox64"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474120/; classtype:trojan-activity;sid:84337220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474111)"; flow:established,from_client; content:"GET"; http_method; content:"/zoopakilla/goldage3atoarm7"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474111/; classtype:trojan-activity;sid:84337211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474112)"; flow:established,from_client; content:"GET"; http_method; content:"/zoopakilla/goldage3atoarm5"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474112/; classtype:trojan-activity;sid:84337212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474113)"; flow:established,from_client; content:"GET"; http_method; content:"/zoopakilla/goldage3atoarm4"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474113/; classtype:trojan-activity;sid:84337213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474110)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474110/; classtype:trojan-activity;sid:84337210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474109)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_motto.mp3"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474109/; classtype:trojan-activity;sid:84337209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474108/; classtype:trojan-activity;sid:84337208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.141.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474107/; classtype:trojan-activity;sid:84337207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.132.95.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474106/; classtype:trojan-activity;sid:84337206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.224.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474105/; classtype:trojan-activity;sid:84337205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.59.222.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474104/; classtype:trojan-activity;sid:84337204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.65.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474103/; classtype:trojan-activity;sid:84337203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.181.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474102/; classtype:trojan-activity;sid:84337202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.78.1.158"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474101/; classtype:trojan-activity;sid:84337201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.78.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474100/; classtype:trojan-activity;sid:84337200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.23.41.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474099/; classtype:trojan-activity;sid:84337199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.166.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474098/; classtype:trojan-activity;sid:84337198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474097)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_endurance.mp3"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474097/; classtype:trojan-activity;sid:84337197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.13.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474096/; classtype:trojan-activity;sid:84337196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.233.58.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474095/; classtype:trojan-activity;sid:84337195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.105.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474094/; classtype:trojan-activity;sid:84337194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.6.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474093/; classtype:trojan-activity;sid:84337193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.167.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474092/; classtype:trojan-activity;sid:84337192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.243.152.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474090/; classtype:trojan-activity;sid:84337190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.200.124.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474091/; classtype:trojan-activity;sid:84337191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.181.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474089/; classtype:trojan-activity;sid:84337189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.13.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474088/; classtype:trojan-activity;sid:84337188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.166.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474087/; classtype:trojan-activity;sid:84337187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.125.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474086/; classtype:trojan-activity;sid:84337186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.23.41.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474085/; classtype:trojan-activity;sid:84337185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.62.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474084/; classtype:trojan-activity;sid:84337184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.191.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474083/; classtype:trojan-activity;sid:84337183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474082/; classtype:trojan-activity;sid:84337182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.178.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474081/; classtype:trojan-activity;sid:84337181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.203.68.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474080/; classtype:trojan-activity;sid:84337180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.68.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474079/; classtype:trojan-activity;sid:84337179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.178.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474078/; classtype:trojan-activity;sid:84337178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474077/; classtype:trojan-activity;sid:84337177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.126.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474075/; classtype:trojan-activity;sid:84337175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474076)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_division.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474076/; classtype:trojan-activity;sid:84337176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.22.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474073/; classtype:trojan-activity;sid:84337173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.78.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474074/; classtype:trojan-activity;sid:84337174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.68.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474072/; classtype:trojan-activity;sid:84337172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474071/; classtype:trojan-activity;sid:84337171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.222.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474070/; classtype:trojan-activity;sid:84337170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474069)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_defiance.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474069/; classtype:trojan-activity;sid:84337169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474068)"; flow:established,from_client; content:"GET"; http_method; content:"/profilelayout"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"catalog.sjsailboats.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474068/; classtype:trojan-activity;sid:84337168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.232.58.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474067/; classtype:trojan-activity;sid:84337167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.222.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474066/; classtype:trojan-activity;sid:84337166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.5.63"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474065/; classtype:trojan-activity;sid:84337165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.169.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474064/; classtype:trojan-activity;sid:84337164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.135.166.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474063/; classtype:trojan-activity;sid:84337163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.22.65.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474062/; classtype:trojan-activity;sid:84337162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474060/; classtype:trojan-activity;sid:84337160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.81.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474061/; classtype:trojan-activity;sid:84337161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.250.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474055/; classtype:trojan-activity;sid:84337155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474056/; classtype:trojan-activity;sid:84337156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474057/; classtype:trojan-activity;sid:84337157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.127.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474058/; classtype:trojan-activity;sid:84337158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.15.10.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474059/; classtype:trojan-activity;sid:84337159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474054/; classtype:trojan-activity;sid:84337154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474053/; classtype:trojan-activity;sid:84337153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.173.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474052/; classtype:trojan-activity;sid:84337152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.39.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474050/; classtype:trojan-activity;sid:84337150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.70.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474051/; classtype:trojan-activity;sid:84337151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474049/; classtype:trojan-activity;sid:84337149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.187.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474044/; classtype:trojan-activity;sid:84337144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.46.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474045/; classtype:trojan-activity;sid:84337145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.24.105"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474046/; classtype:trojan-activity;sid:84337146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.124.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474047/; classtype:trojan-activity;sid:84337147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.173.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474048/; classtype:trojan-activity;sid:84337148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474043/; classtype:trojan-activity;sid:84337143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.222.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474042/; classtype:trojan-activity;sid:84337142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.191.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474041/; classtype:trojan-activity;sid:84337141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474040)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.86.16.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474040/; classtype:trojan-activity;sid:84337140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.22.65.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474039/; classtype:trojan-activity;sid:84337139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.163.57.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474038/; classtype:trojan-activity;sid:84337138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.201.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474037/; classtype:trojan-activity;sid:84337137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.169.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474036/; classtype:trojan-activity;sid:84337136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.5.63"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474035/; classtype:trojan-activity;sid:84337135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.188.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474034/; classtype:trojan-activity;sid:84337134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.135.166.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474033/; classtype:trojan-activity;sid:84337133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.100.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474032/; classtype:trojan-activity;sid:84337132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.191.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474031/; classtype:trojan-activity;sid:84337131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474030)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_cork.mp3"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"u1.wannabeclobber.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474030/; classtype:trojan-activity;sid:84337130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.163.57.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474029/; classtype:trojan-activity;sid:84337129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.29.146.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474028/; classtype:trojan-activity;sid:84337128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.119.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474027/; classtype:trojan-activity;sid:84337127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.119.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474026/; classtype:trojan-activity;sid:84337126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.251.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474025/; classtype:trojan-activity;sid:84337125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.255.15.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474024/; classtype:trojan-activity;sid:84337124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.16.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474023/; classtype:trojan-activity;sid:84337123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.44.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474022/; classtype:trojan-activity;sid:84337122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.210.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474021/; classtype:trojan-activity;sid:84337121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.100.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474020/; classtype:trojan-activity;sid:84337120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.211.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474019/; classtype:trojan-activity;sid:84337119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.221.44.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474018/; classtype:trojan-activity;sid:84337118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.105.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474017/; classtype:trojan-activity;sid:84337117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474016)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.fajez.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474016/; classtype:trojan-activity;sid:84337116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.84.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474015/; classtype:trojan-activity;sid:84337115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.165.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474014/; classtype:trojan-activity;sid:84337114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.169.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474013/; classtype:trojan-activity;sid:84337113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.29.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474011/; classtype:trojan-activity;sid:84337111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.109.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474012/; classtype:trojan-activity;sid:84337112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.109.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474010/; classtype:trojan-activity;sid:84337110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.165.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474009/; classtype:trojan-activity;sid:84337109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.240.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474008/; classtype:trojan-activity;sid:84337108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.191.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474007/; classtype:trojan-activity;sid:84337107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.150.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474006/; classtype:trojan-activity;sid:84337106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.116.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474005/; classtype:trojan-activity;sid:84337105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.240.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474004/; classtype:trojan-activity;sid:84337104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.248.14.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474003/; classtype:trojan-activity;sid:84337103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.114.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474002/; classtype:trojan-activity;sid:84337102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.191.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474001/; classtype:trojan-activity;sid:84337101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.31.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3474000/; classtype:trojan-activity;sid:84337100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.122.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473999/; classtype:trojan-activity;sid:84337099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.122.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473998/; classtype:trojan-activity;sid:84337098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473997/; classtype:trojan-activity;sid:84337097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.122.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473996/; classtype:trojan-activity;sid:84337096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.116.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473995/; classtype:trojan-activity;sid:84337095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.114.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473993/; classtype:trojan-activity;sid:84337093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473994)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_rind.mp3"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"u1.superheroomen.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473994/; classtype:trojan-activity;sid:84337094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.38.203.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473992/; classtype:trojan-activity;sid:84337092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.135.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473991/; classtype:trojan-activity;sid:84337091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473990)"; flow:established,from_client; content:"GET"; http_method; content:"/confirm2.com/advancedvovmusicplayercommunitysetup.msi"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"89.23.107.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473990/; classtype:trojan-activity;sid:84337090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473989)"; flow:established,from_client; content:"GET"; http_method; content:"/confirm2.com/capcha"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.23.107.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473989/; classtype:trojan-activity;sid:84337089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473985)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"complaintguest2.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473985/; classtype:trojan-activity;sid:84337085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473986)"; flow:established,from_client; content:"GET"; http_method; content:"/confirmi.com/softwareideasproffesionalsetup.msi"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"89.23.107.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473986/; classtype:trojan-activity;sid:84337086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473987)"; flow:established,from_client; content:"GET"; http_method; content:"/confirm.com/networkvoxcontrollersetup.msi"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"89.23.107.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473987/; classtype:trojan-activity;sid:84337087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473988)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"booking.complaintguest2.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473988/; classtype:trojan-activity;sid:84337088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.159.45.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473984/; classtype:trojan-activity;sid:84337084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.71.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473983/; classtype:trojan-activity;sid:84337083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.125.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473982/; classtype:trojan-activity;sid:84337082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.1.6"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473981/; classtype:trojan-activity;sid:84337081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473978)"; flow:established,from_client; content:"GET"; http_method; content:"/b/mipsel"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.87.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473978/; classtype:trojan-activity;sid:84337078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.229.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473979/; classtype:trojan-activity;sid:84337079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.227.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473980/; classtype:trojan-activity;sid:84337080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473977/; classtype:trojan-activity;sid:84337077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.24.176.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473976/; classtype:trojan-activity;sid:84337076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473973)"; flow:established,from_client; content:"GET"; http_method; content:"/hide/hide.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.18.239.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473973/; classtype:trojan-activity;sid:84337073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473974)"; flow:established,from_client; content:"GET"; http_method; content:"/hide/hide.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.18.239.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473974/; classtype:trojan-activity;sid:84337074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473975)"; flow:established,from_client; content:"GET"; http_method; content:"/hide/hide.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.18.239.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473975/; classtype:trojan-activity;sid:84337075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473965)"; flow:established,from_client; content:"GET"; http_method; content:"/hide/hide.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.18.239.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473965/; classtype:trojan-activity;sid:84337065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473966)"; flow:established,from_client; content:"GET"; http_method; content:"/hide/hide.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.18.239.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473966/; classtype:trojan-activity;sid:84337066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473967)"; flow:established,from_client; content:"GET"; http_method; content:"/hide/hide.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.18.239.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473967/; classtype:trojan-activity;sid:84337067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473968)"; flow:established,from_client; content:"GET"; http_method; content:"/hide/hide.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.18.239.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473968/; classtype:trojan-activity;sid:84337068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473969)"; flow:established,from_client; content:"GET"; http_method; content:"/hide/hide.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.18.239.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473969/; classtype:trojan-activity;sid:84337069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473970)"; flow:established,from_client; content:"GET"; http_method; content:"/hide/hide.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.18.239.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473970/; classtype:trojan-activity;sid:84337070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473971)"; flow:established,from_client; content:"GET"; http_method; content:"/hide/hide.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.18.239.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473971/; classtype:trojan-activity;sid:84337071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473972)"; flow:established,from_client; content:"GET"; http_method; content:"/hide/hide.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.18.239.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473972/; classtype:trojan-activity;sid:84337072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473961)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473961/; classtype:trojan-activity;sid:84337061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473962)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473962/; classtype:trojan-activity;sid:84337062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473963)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473963/; classtype:trojan-activity;sid:84337063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473964)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473964/; classtype:trojan-activity;sid:84337064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473957)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473957/; classtype:trojan-activity;sid:84337057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473958)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473958/; classtype:trojan-activity;sid:84337058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473959)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473959/; classtype:trojan-activity;sid:84337059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473960)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473960/; classtype:trojan-activity;sid:84337060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473950)"; flow:established,from_client; content:"GET"; http_method; content:"/nezukobins/demon.arm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473950/; classtype:trojan-activity;sid:84337050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473951)"; flow:established,from_client; content:"GET"; http_method; content:"/nezukobins/demon.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473951/; classtype:trojan-activity;sid:84337051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473952)"; flow:established,from_client; content:"GET"; http_method; content:"/nezukobins/demon.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473952/; classtype:trojan-activity;sid:84337052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473953)"; flow:established,from_client; content:"GET"; http_method; content:"/nezukobins/demon.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473953/; classtype:trojan-activity;sid:84337053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473954)"; flow:established,from_client; content:"GET"; http_method; content:"/nezukobins/demon.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473954/; classtype:trojan-activity;sid:84337054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473955)"; flow:established,from_client; content:"GET"; http_method; content:"/nezukobins/demon.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473955/; classtype:trojan-activity;sid:84337055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473956)"; flow:established,from_client; content:"GET"; http_method; content:"/nezukobins/demon.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473956/; classtype:trojan-activity;sid:84337056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.17.51.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473949/; classtype:trojan-activity;sid:84337049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.103.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473948/; classtype:trojan-activity;sid:84337048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.235.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473947/; classtype:trojan-activity;sid:84337047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473944)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.166.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473944/; classtype:trojan-activity;sid:84337044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473945)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"188.166.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473945/; classtype:trojan-activity;sid:84337045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473946)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.166.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473946/; classtype:trojan-activity;sid:84337046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.12.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473943/; classtype:trojan-activity;sid:84337043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.166.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473942/; classtype:trojan-activity;sid:84337042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473941)"; flow:established,from_client; content:"GET"; http_method; content:"/botpilled/rbot"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"188.166.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473941/; classtype:trojan-activity;sid:84337041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473940)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.gytas.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473940/; classtype:trojan-activity;sid:84337040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473939)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_removing.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.superheroomen.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473939/; classtype:trojan-activity;sid:84337039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.162.116.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473937/; classtype:trojan-activity;sid:84337037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.19.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473938/; classtype:trojan-activity;sid:84337038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.77.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473936/; classtype:trojan-activity;sid:84337036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.17.49.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473935/; classtype:trojan-activity;sid:84337035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473934)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.myquk.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473934/; classtype:trojan-activity;sid:84337034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473933/; classtype:trojan-activity;sid:84337033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473932)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_prison.mp3"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"u1.superheroomen.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473932/; classtype:trojan-activity;sid:84337032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473931/; classtype:trojan-activity;sid:84337031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.1.6"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473930/; classtype:trojan-activity;sid:84337030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.12.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473929/; classtype:trojan-activity;sid:84337029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.87.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473928/; classtype:trojan-activity;sid:84337028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.152.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473927/; classtype:trojan-activity;sid:84337027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473926/; classtype:trojan-activity;sid:84337026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.162.116.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473925/; classtype:trojan-activity;sid:84337025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473924)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_tinfoil.mp3"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"u1.superheroomen.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473924/; classtype:trojan-activity;sid:84337024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473923/; classtype:trojan-activity;sid:84337023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473922)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.rygog.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473922/; classtype:trojan-activity;sid:84337022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.134.23.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473921/; classtype:trojan-activity;sid:84337021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.237.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473920/; classtype:trojan-activity;sid:84337020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.19.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473919/; classtype:trojan-activity;sid:84337019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.193.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473918/; classtype:trojan-activity;sid:84337018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.152.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473917/; classtype:trojan-activity;sid:84337017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.236.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473916/; classtype:trojan-activity;sid:84337016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.19.72.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473915/; classtype:trojan-activity;sid:84337015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473914)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_thirstily.mp3"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"u1.superheroomen.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473914/; classtype:trojan-activity;sid:84337014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.87.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473913/; classtype:trojan-activity;sid:84337013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473912)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_proclaim.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.superheroomen.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473912/; classtype:trojan-activity;sid:84337012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473911)"; flow:established,from_client; content:"GET"; http_method; content:"/lisontek2.1.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"combo.s3.eu-north-1.amazonaws.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473911/; classtype:trojan-activity;sid:84337011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473910)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_pavement.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.superheroomen.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473910/; classtype:trojan-activity;sid:84337010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.7.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473909/; classtype:trojan-activity;sid:84337009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.134.22.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473907/; classtype:trojan-activity;sid:84337007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.142.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473908/; classtype:trojan-activity;sid:84337008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.100.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473906/; classtype:trojan-activity;sid:84337006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.246.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473905/; classtype:trojan-activity;sid:84337005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473904)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_proclaim.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.optdropper.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473904/; classtype:trojan-activity;sid:84337004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.141.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473903/; classtype:trojan-activity;sid:84337003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.123.9.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473902/; classtype:trojan-activity;sid:84337002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473901)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_pavement.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.optdropper.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473901/; classtype:trojan-activity;sid:84337001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.232.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473900/; classtype:trojan-activity;sid:84337000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.105.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473899/; classtype:trojan-activity;sid:84336999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.246.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473898/; classtype:trojan-activity;sid:84336998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.128.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473897/; classtype:trojan-activity;sid:84336997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.61.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473896/; classtype:trojan-activity;sid:84336996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.31.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473895/; classtype:trojan-activity;sid:84336995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.249.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473894/; classtype:trojan-activity;sid:84336994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.12.15.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473893/; classtype:trojan-activity;sid:84336993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.211.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473891/; classtype:trojan-activity;sid:84336991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.23.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473892/; classtype:trojan-activity;sid:84336992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.63.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473889/; classtype:trojan-activity;sid:84336989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.70.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473890/; classtype:trojan-activity;sid:84336990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.91.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473888/; classtype:trojan-activity;sid:84336988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473887)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_failing.mp3"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"u1.optdropper.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473887/; classtype:trojan-activity;sid:84336987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.123.11.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473886/; classtype:trojan-activity;sid:84336986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.2.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473884/; classtype:trojan-activity;sid:84336984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.38.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473885/; classtype:trojan-activity;sid:84336985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.124.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473882/; classtype:trojan-activity;sid:84336982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.228.247.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473883/; classtype:trojan-activity;sid:84336983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473878/; classtype:trojan-activity;sid:84336978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.171.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473879/; classtype:trojan-activity;sid:84336979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.248.16.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473880/; classtype:trojan-activity;sid:84336980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.15.10.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473881/; classtype:trojan-activity;sid:84336981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.28.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473877/; classtype:trojan-activity;sid:84336977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.141.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473876/; classtype:trojan-activity;sid:84336976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.171.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473874/; classtype:trojan-activity;sid:84336974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.84.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473875/; classtype:trojan-activity;sid:84336975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.120.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473872/; classtype:trojan-activity;sid:84336972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.48.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473873/; classtype:trojan-activity;sid:84336973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.105.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473870/; classtype:trojan-activity;sid:84336970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.225.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473871/; classtype:trojan-activity;sid:84336971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.233.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473869/; classtype:trojan-activity;sid:84336969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.63.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473868/; classtype:trojan-activity;sid:84336968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.87.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473867/; classtype:trojan-activity;sid:84336967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473866/; classtype:trojan-activity;sid:84336966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.70.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473865/; classtype:trojan-activity;sid:84336965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.138.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473864/; classtype:trojan-activity;sid:84336964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.63.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473863/; classtype:trojan-activity;sid:84336963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.123.10.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473862/; classtype:trojan-activity;sid:84336962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.233.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473861/; classtype:trojan-activity;sid:84336961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.31.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473860/; classtype:trojan-activity;sid:84336960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473859/; classtype:trojan-activity;sid:84336959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473858/; classtype:trojan-activity;sid:84336958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.6.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473857/; classtype:trojan-activity;sid:84336957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473856/; classtype:trojan-activity;sid:84336956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.164.75.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473855/; classtype:trojan-activity;sid:84336955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473854)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_aging.mp3"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"u1.optdropper.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473854/; classtype:trojan-activity;sid:84336954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.134.20.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473853/; classtype:trojan-activity;sid:84336953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473852/; classtype:trojan-activity;sid:84336952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.164.75.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473851/; classtype:trojan-activity;sid:84336951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.6.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473850/; classtype:trojan-activity;sid:84336950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.158.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473849/; classtype:trojan-activity;sid:84336949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473848)"; flow:established,from_client; content:"GET"; http_method; content:"/download/indiapost.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"postindia.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473848/; classtype:trojan-activity;sid:84336948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.160.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473847/; classtype:trojan-activity;sid:84336947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.65.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473846/; classtype:trojan-activity;sid:84336946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.248.12.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473845/; classtype:trojan-activity;sid:84336945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473844/; classtype:trojan-activity;sid:84336944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.24.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473843/; classtype:trojan-activity;sid:84336943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473842)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|id=1rsilmv3hdr6apxkwepxrg2mrp1d2xwmb|7c|26|7c|export=download"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"drive.usercontent.google.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473842/; classtype:trojan-activity;sid:84336942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.160.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473841/; classtype:trojan-activity;sid:84336941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.160.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473840/; classtype:trojan-activity;sid:84336940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.158.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473839/; classtype:trojan-activity;sid:84336939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.202.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473838/; classtype:trojan-activity;sid:84336938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.116.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473837/; classtype:trojan-activity;sid:84336937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.248.12.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473836/; classtype:trojan-activity;sid:84336936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.128.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473835/; classtype:trojan-activity;sid:84336935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.134.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473834/; classtype:trojan-activity;sid:84336934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.202.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473833/; classtype:trojan-activity;sid:84336933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.160.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473832/; classtype:trojan-activity;sid:84336932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.24.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473831/; classtype:trojan-activity;sid:84336931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.120.230.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473830/; classtype:trojan-activity;sid:84336930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.116.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473829/; classtype:trojan-activity;sid:84336929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473828)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/kaniki.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473828/; classtype:trojan-activity;sid:84336928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473824)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/kaniki.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473824/; classtype:trojan-activity;sid:84336924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473825)"; flow:established,from_client; content:"GET"; http_method; content:"/netgear"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473825/; classtype:trojan-activity;sid:84336925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473826)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/kaniki.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473826/; classtype:trojan-activity;sid:84336926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473827)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473827/; classtype:trojan-activity;sid:84336927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473812)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/kaniki.arc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473812/; classtype:trojan-activity;sid:84336912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473813)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/kaniki.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473813/; classtype:trojan-activity;sid:84336913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473814/; classtype:trojan-activity;sid:84336914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473815)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473815/; classtype:trojan-activity;sid:84336915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473816)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473816/; classtype:trojan-activity;sid:84336916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473817)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon80"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473817/; classtype:trojan-activity;sid:84336917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473818)"; flow:established,from_client; content:"GET"; http_method; content:"/dlink"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473818/; classtype:trojan-activity;sid:84336918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473819)"; flow:established,from_client; content:"GET"; http_method; content:"/tr064"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473819/; classtype:trojan-activity;sid:84336919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473820)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473820/; classtype:trojan-activity;sid:84336920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473821)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473821/; classtype:trojan-activity;sid:84336921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473822)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473822/; classtype:trojan-activity;sid:84336922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473823)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473823/; classtype:trojan-activity;sid:84336923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473809)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/kaniki.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473809/; classtype:trojan-activity;sid:84336909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473810)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/kaniki.arm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473810/; classtype:trojan-activity;sid:84336910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473811)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/kaniki.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473811/; classtype:trojan-activity;sid:84336911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.46.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473808/; classtype:trojan-activity;sid:84336908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.160.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473807/; classtype:trojan-activity;sid:84336907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.13.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473806/; classtype:trojan-activity;sid:84336906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473792)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473792/; classtype:trojan-activity;sid:84336892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473793)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473793/; classtype:trojan-activity;sid:84336893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473794)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473794/; classtype:trojan-activity;sid:84336894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473795)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473795/; classtype:trojan-activity;sid:84336895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473796)"; flow:established,from_client; content:"GET"; http_method; content:"/met"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473796/; classtype:trojan-activity;sid:84336896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473797)"; flow:established,from_client; content:"GET"; http_method; content:"/lii"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473797/; classtype:trojan-activity;sid:84336897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473798)"; flow:established,from_client; content:"GET"; http_method; content:"/gateway"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473798/; classtype:trojan-activity;sid:84336898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473799)"; flow:established,from_client; content:"GET"; http_method; content:"/harm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473799/; classtype:trojan-activity;sid:84336899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473800)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473800/; classtype:trojan-activity;sid:84336900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473801)"; flow:established,from_client; content:"GET"; http_method; content:"/abb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473801/; classtype:trojan-activity;sid:84336901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473802)"; flow:established,from_client; content:"GET"; http_method; content:"/m"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473802/; classtype:trojan-activity;sid:84336902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473803)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473803/; classtype:trojan-activity;sid:84336903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473804)"; flow:established,from_client; content:"GET"; http_method; content:"/lol"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473804/; classtype:trojan-activity;sid:84336904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473805)"; flow:established,from_client; content:"GET"; http_method; content:"/lmao"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473805/; classtype:trojan-activity;sid:84336905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473790)"; flow:established,from_client; content:"GET"; http_method; content:"/ro.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473790/; classtype:trojan-activity;sid:84336890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473791)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473791/; classtype:trojan-activity;sid:84336891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.79.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473788/; classtype:trojan-activity;sid:84336888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473787)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473787/; classtype:trojan-activity;sid:84336887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473786)"; flow:established,from_client; content:"GET"; http_method; content:"/luhxdante/blox-fruits-script/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473786/; classtype:trojan-activity;sid:84336886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473781)"; flow:established,from_client; content:"GET"; http_method; content:"/seltarrx/vite-react-project-setup-scripts/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473781/; classtype:trojan-activity;sid:84336881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473782)"; flow:established,from_client; content:"GET"; http_method; content:"/preakp90/python_wallpaper_crawler/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473782/; classtype:trojan-activity;sid:84336882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473783)"; flow:established,from_client; content:"GET"; http_method; content:"/awisyhaziq/g4/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473783/; classtype:trojan-activity;sid:84336883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473784)"; flow:established,from_client; content:"GET"; http_method; content:"/trankha2k9/seedgn/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473784/; classtype:trojan-activity;sid:84336884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473785)"; flow:established,from_client; content:"GET"; http_method; content:"/spaceforgets-code/ai-voice-cloning-tool/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473785/; classtype:trojan-activity;sid:84336885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473765)"; flow:established,from_client; content:"GET"; http_method; content:"/xterminatordenuci/optimiseur-de-slug-url/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473765/; classtype:trojan-activity;sid:84336865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473766)"; flow:established,from_client; content:"GET"; http_method; content:"/ggusercool/pancakeswapbnbprediction/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473766/; classtype:trojan-activity;sid:84336866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473767)"; flow:established,from_client; content:"GET"; http_method; content:"/nass3344/trello-like-api/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473767/; classtype:trojan-activity;sid:84336867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473768)"; flow:established,from_client; content:"GET"; http_method; content:"/ab-ff/multi-bit-comparator/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473768/; classtype:trojan-activity;sid:84336868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473769)"; flow:established,from_client; content:"GET"; http_method; content:"/latyfa2019/ethereum-mev_bot/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473769/; classtype:trojan-activity;sid:84336869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473770)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/smart-web-scraper-2.0-using-gen-ai/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473770/; classtype:trojan-activity;sid:84336870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473771)"; flow:established,from_client; content:"GET"; http_method; content:"/hambez/stm32-imu-visualizer/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473771/; classtype:trojan-activity;sid:84336871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473772)"; flow:established,from_client; content:"GET"; http_method; content:"/cpsgdps/employe-time-tracker/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473772/; classtype:trojan-activity;sid:84336872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473773)"; flow:established,from_client; content:"GET"; http_method; content:"/lengkh/voice_classifier/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473773/; classtype:trojan-activity;sid:84336873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473774)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/ai-image-generator/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473774/; classtype:trojan-activity;sid:84336874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473775)"; flow:established,from_client; content:"GET"; http_method; content:"/jaydenth/roblox-synapse/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473775/; classtype:trojan-activity;sid:84336875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473776)"; flow:established,from_client; content:"GET"; http_method; content:"/brevidade/fleet-pattern/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473776/; classtype:trojan-activity;sid:84336876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473777)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473777/; classtype:trojan-activity;sid:84336877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473778)"; flow:established,from_client; content:"GET"; http_method; content:"/youssefmasoud19999/instagram-auto-liker/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473778/; classtype:trojan-activity;sid:84336878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473779)"; flow:established,from_client; content:"GET"; http_method; content:"/led-sol/mental-health-chatbot/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473779/; classtype:trojan-activity;sid:84336879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473780)"; flow:established,from_client; content:"GET"; http_method; content:"/krishna9894/automated-youtube-shorts-generator/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473780/; classtype:trojan-activity;sid:84336880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473764)"; flow:established,from_client; content:"GET"; http_method; content:"/file/mdocument/po202502snakws.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"f004.backblazeb2.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473764/; classtype:trojan-activity;sid:84336864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473763)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ca2j53ahasg5mc835iym4kqsddcr7pbb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473763/; classtype:trojan-activity;sid:84336863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473762)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o8-7twrc1iepqheq_zchqjhqi-kwqleo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473762/; classtype:trojan-activity;sid:84336862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473761)"; flow:established,from_client; content:"GET"; http_method; content:"/123/casse.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"198.12.89.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473761/; classtype:trojan-activity;sid:84336861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.189.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473760/; classtype:trojan-activity;sid:84336860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473759)"; flow:established,from_client; content:"GET"; http_method; content:"/file/mdocument/po202502dake.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"f004.backblazeb2.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473759/; classtype:trojan-activity;sid:84336859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.91.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473757/; classtype:trojan-activity;sid:84336857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.160.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473758/; classtype:trojan-activity;sid:84336858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.203.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473756/; classtype:trojan-activity;sid:84336856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473755)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.46.217.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473755/; classtype:trojan-activity;sid:84336855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.236.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473754/; classtype:trojan-activity;sid:84336854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.203.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473753/; classtype:trojan-activity;sid:84336853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473750)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"wraithbotnetapi.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473750/; classtype:trojan-activity;sid:84336850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473751)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wraithbotnetapi.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473751/; classtype:trojan-activity;sid:84336851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473752)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/star.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wraithbotnetapi.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473752/; classtype:trojan-activity;sid:84336852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473746)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473746/; classtype:trojan-activity;sid:84336846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473747)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wraithbotnetapi.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473747/; classtype:trojan-activity;sid:84336847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473748)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wraithbotnetapi.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473748/; classtype:trojan-activity;sid:84336848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473749)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wraithbotnetapi.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473749/; classtype:trojan-activity;sid:84336849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473737)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wraithbotnetapi.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473737/; classtype:trojan-activity;sid:84336837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473738)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"196.251.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473738/; classtype:trojan-activity;sid:84336838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473739)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wraithbotnetapi.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473739/; classtype:trojan-activity;sid:84336839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473740)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473740/; classtype:trojan-activity;sid:84336840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473741)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wraithbotnetapi.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473741/; classtype:trojan-activity;sid:84336841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473742)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wraithbotnetapi.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473742/; classtype:trojan-activity;sid:84336842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473743)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wraithbotnetapi.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473743/; classtype:trojan-activity;sid:84336843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473744)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wraithbotnetapi.site"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473744/; classtype:trojan-activity;sid:84336844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473745)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473745/; classtype:trojan-activity;sid:84336845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473735/; classtype:trojan-activity;sid:84336835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.226.26.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473736/; classtype:trojan-activity;sid:84336836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.34.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473734/; classtype:trojan-activity;sid:84336834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.239.38.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473733/; classtype:trojan-activity;sid:84336833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473731/; classtype:trojan-activity;sid:84336831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.26.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473732/; classtype:trojan-activity;sid:84336832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.251.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473730/; classtype:trojan-activity;sid:84336830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.110.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473729/; classtype:trojan-activity;sid:84336829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.78.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473728/; classtype:trojan-activity;sid:84336828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.249.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473727/; classtype:trojan-activity;sid:84336827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.19.72.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473726/; classtype:trojan-activity;sid:84336826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473723/; classtype:trojan-activity;sid:84336823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.226.26.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473724/; classtype:trojan-activity;sid:84336824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.145.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473725/; classtype:trojan-activity;sid:84336825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.172.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473722/; classtype:trojan-activity;sid:84336822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.2.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473721/; classtype:trojan-activity;sid:84336821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.168.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473720/; classtype:trojan-activity;sid:84336820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.199.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473719/; classtype:trojan-activity;sid:84336819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.141.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473718/; classtype:trojan-activity;sid:84336818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.252.26.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473716/; classtype:trojan-activity;sid:84336816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.22.65.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473717/; classtype:trojan-activity;sid:84336817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.128.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473712/; classtype:trojan-activity;sid:84336812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.119.191.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473713/; classtype:trojan-activity;sid:84336813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.70.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473714/; classtype:trojan-activity;sid:84336814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.144.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473715/; classtype:trojan-activity;sid:84336815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473709/; classtype:trojan-activity;sid:84336809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.176.101.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473710/; classtype:trojan-activity;sid:84336810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473711/; classtype:trojan-activity;sid:84336811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.18.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473708/; classtype:trojan-activity;sid:84336808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473707/; classtype:trojan-activity;sid:84336807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.1.32"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473706/; classtype:trojan-activity;sid:84336806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.205.84.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473705/; classtype:trojan-activity;sid:84336805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.105.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473704/; classtype:trojan-activity;sid:84336804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.178.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473703/; classtype:trojan-activity;sid:84336803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.251.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473702/; classtype:trojan-activity;sid:84336802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.137.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473701/; classtype:trojan-activity;sid:84336801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.2.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473700/; classtype:trojan-activity;sid:84336800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.125.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473699/; classtype:trojan-activity;sid:84336799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.108.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473698/; classtype:trojan-activity;sid:84336798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473688)"; flow:established,from_client; content:"GET"; http_method; content:"/y"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473688/; classtype:trojan-activity;sid:84336788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473689)"; flow:established,from_client; content:"GET"; http_method; content:"/robots.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473689/; classtype:trojan-activity;sid:84336789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473690)"; flow:established,from_client; content:"GET"; http_method; content:"/bee"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473690/; classtype:trojan-activity;sid:84336790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473691)"; flow:established,from_client; content:"GET"; http_method; content:"/buf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473691/; classtype:trojan-activity;sid:84336791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473692)"; flow:established,from_client; content:"GET"; http_method; content:"/zxc.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473692/; classtype:trojan-activity;sid:84336792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473693)"; flow:established,from_client; content:"GET"; http_method; content:"/ah"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473693/; classtype:trojan-activity;sid:84336793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473694)"; flow:established,from_client; content:"GET"; http_method; content:"/doc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473694/; classtype:trojan-activity;sid:84336794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.131.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473695/; classtype:trojan-activity;sid:84336795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473696)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473696/; classtype:trojan-activity;sid:84336796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473697)"; flow:established,from_client; content:"GET"; http_method; content:"/phi.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473697/; classtype:trojan-activity;sid:84336797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473686/; classtype:trojan-activity;sid:84336786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473687)"; flow:established,from_client; content:"GET"; http_method; content:"/lel"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473687/; classtype:trojan-activity;sid:84336787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473685)"; flow:established,from_client; content:"GET"; http_method; content:"/hikarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473685/; classtype:trojan-activity;sid:84336785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.17.51.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473684/; classtype:trojan-activity;sid:84336784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.110.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473683/; classtype:trojan-activity;sid:84336783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473682)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473682/; classtype:trojan-activity;sid:84336782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.187.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473681/; classtype:trojan-activity;sid:84336781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.137.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473680/; classtype:trojan-activity;sid:84336780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473678)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.172.82.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473678/; classtype:trojan-activity;sid:84336778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473679)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"107.172.82.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473679/; classtype:trojan-activity;sid:84336779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.108.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473677/; classtype:trojan-activity;sid:84336777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.81.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473675/; classtype:trojan-activity;sid:84336775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.131.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473676/; classtype:trojan-activity;sid:84336776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473674/; classtype:trojan-activity;sid:84336774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.234.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473673/; classtype:trojan-activity;sid:84336773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.55.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473672/; classtype:trojan-activity;sid:84336772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473671)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.167.35.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473671/; classtype:trojan-activity;sid:84336771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473668)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.35.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473668/; classtype:trojan-activity;sid:84336768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473669)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.35.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473669/; classtype:trojan-activity;sid:84336769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473670)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.35.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473670/; classtype:trojan-activity;sid:84336770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.110.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473667/; classtype:trojan-activity;sid:84336767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473663)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473663/; classtype:trojan-activity;sid:84336763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473664)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473664/; classtype:trojan-activity;sid:84336764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473665)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473665/; classtype:trojan-activity;sid:84336765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473666)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473666/; classtype:trojan-activity;sid:84336766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473656)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473656/; classtype:trojan-activity;sid:84336756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473657)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473657/; classtype:trojan-activity;sid:84336757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473658)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473658/; classtype:trojan-activity;sid:84336758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473659)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473659/; classtype:trojan-activity;sid:84336759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473660)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473660/; classtype:trojan-activity;sid:84336760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473661)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473661/; classtype:trojan-activity;sid:84336761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473662)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473662/; classtype:trojan-activity;sid:84336762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473644)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473644/; classtype:trojan-activity;sid:84336744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473645)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473645/; classtype:trojan-activity;sid:84336745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473646)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473646/; classtype:trojan-activity;sid:84336746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473647)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473647/; classtype:trojan-activity;sid:84336747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473648)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473648/; classtype:trojan-activity;sid:84336748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473649)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473649/; classtype:trojan-activity;sid:84336749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473650)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473650/; classtype:trojan-activity;sid:84336750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473651)"; flow:established,from_client; content:"GET"; http_method; content:"/hidden.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473651/; classtype:trojan-activity;sid:84336751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473652)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473652/; classtype:trojan-activity;sid:84336752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473653)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473653/; classtype:trojan-activity;sid:84336753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473654)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473654/; classtype:trojan-activity;sid:84336754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473655)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473655/; classtype:trojan-activity;sid:84336755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473642)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473642/; classtype:trojan-activity;sid:84336742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473643)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473643/; classtype:trojan-activity;sid:84336743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473641)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dasdv1.service1921.club"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473641/; classtype:trojan-activity;sid:84336741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.133.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473640/; classtype:trojan-activity;sid:84336740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.125.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473639/; classtype:trojan-activity;sid:84336739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473638)"; flow:established,from_client; content:"GET"; http_method; content:"/550/vcc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.95.235.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473638/; classtype:trojan-activity;sid:84336738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473637)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.34.75.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473637/; classtype:trojan-activity;sid:84336737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473636/; classtype:trojan-activity;sid:84336736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473635)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/umo/ncr/onceufeelgood.hta"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"172.245.191.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473635/; classtype:trojan-activity;sid:84336735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473634)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/ncv/niceworkingskillwithbestideasevermade.hta"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"198.12.89.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473634/; classtype:trojan-activity;sid:84336734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473633)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/vn/v/kissingwithbestexperiencedgirlfriendonhereformenice.hta"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"23.95.235.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473633/; classtype:trojan-activity;sid:84336733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473632)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/knfc/nice/nicegirlwithbestfeatrueswhatimoffering.hta"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"198.23.187.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473632/; classtype:trojan-activity;sid:84336732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.115.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473631/; classtype:trojan-activity;sid:84336731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.133.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473630/; classtype:trojan-activity;sid:84336730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473629)"; flow:established,from_client; content:"GET"; http_method; content:"/ccxxcc.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.81.68.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473629/; classtype:trojan-activity;sid:84336729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473628)"; flow:established,from_client; content:"GET"; http_method; content:"/ddss.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.81.68.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473628/; classtype:trojan-activity;sid:84336728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.127.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473627/; classtype:trojan-activity;sid:84336727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473626)"; flow:established,from_client; content:"GET"; http_method; content:"/1/pocgses28.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.29.11.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473626/; classtype:trojan-activity;sid:84336726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473625)"; flow:established,from_client; content:"GET"; http_method; content:"/1/mmuaienr254.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.29.11.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473625/; classtype:trojan-activity;sid:84336725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473624)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/muk.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473624/; classtype:trojan-activity;sid:84336724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473623)"; flow:established,from_client; content:"GET"; http_method; content:"/89b86fda49329a90/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473623/; classtype:trojan-activity;sid:84336723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473617)"; flow:established,from_client; content:"GET"; http_method; content:"/89b86fda49329a90/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"62.60.226.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473617/; classtype:trojan-activity;sid:84336717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473618)"; flow:established,from_client; content:"GET"; http_method; content:"/89b86fda49329a90/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"62.60.226.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473618/; classtype:trojan-activity;sid:84336718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473619)"; flow:established,from_client; content:"GET"; http_method; content:"/89b86fda49329a90/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473619/; classtype:trojan-activity;sid:84336719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473620)"; flow:established,from_client; content:"GET"; http_method; content:"/89b86fda49329a90/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"62.60.226.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473620/; classtype:trojan-activity;sid:84336720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473621)"; flow:established,from_client; content:"GET"; http_method; content:"/89b86fda49329a90/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"62.60.226.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473621/; classtype:trojan-activity;sid:84336721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473622)"; flow:established,from_client; content:"GET"; http_method; content:"/89b86fda49329a90/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473622/; classtype:trojan-activity;sid:84336722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473616)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.251.71.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473616/; classtype:trojan-activity;sid:84336716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473590)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473590/; classtype:trojan-activity;sid:84336690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473591)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473591/; classtype:trojan-activity;sid:84336691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473592)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"107.172.82.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473592/; classtype:trojan-activity;sid:84336692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473593)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473593/; classtype:trojan-activity;sid:84336693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473594)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473594/; classtype:trojan-activity;sid:84336694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473595)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkmips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473595/; classtype:trojan-activity;sid:84336695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473596)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473596/; classtype:trojan-activity;sid:84336696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473597)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/star.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473597/; classtype:trojan-activity;sid:84336697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473598)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473598/; classtype:trojan-activity;sid:84336698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473599)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"107.172.82.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473599/; classtype:trojan-activity;sid:84336699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473600)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473600/; classtype:trojan-activity;sid:84336700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473601)"; flow:established,from_client; content:"GET"; http_method; content:"/server"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.164.38.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473601/; classtype:trojan-activity;sid:84336701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473602)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473602/; classtype:trojan-activity;sid:84336702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473603)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"107.172.82.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473603/; classtype:trojan-activity;sid:84336703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473604)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"107.172.82.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473604/; classtype:trojan-activity;sid:84336704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473605)"; flow:established,from_client; content:"GET"; http_method; content:"/server"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.215.61.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473605/; classtype:trojan-activity;sid:84336705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473606)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"107.172.82.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473606/; classtype:trojan-activity;sid:84336706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473607)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"107.172.82.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473607/; classtype:trojan-activity;sid:84336707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473608)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473608/; classtype:trojan-activity;sid:84336708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473609)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"107.172.82.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473609/; classtype:trojan-activity;sid:84336709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473610)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"107.172.82.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473610/; classtype:trojan-activity;sid:84336710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473611)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473611/; classtype:trojan-activity;sid:84336711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473612)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"107.172.82.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473612/; classtype:trojan-activity;sid:84336712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473613)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.251.88.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473613/; classtype:trojan-activity;sid:84336713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473614)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.251.88.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473614/; classtype:trojan-activity;sid:84336714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473584)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"156.253.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473584/; classtype:trojan-activity;sid:84336684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473585)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"156.253.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473585/; classtype:trojan-activity;sid:84336685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473586)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"156.253.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473586/; classtype:trojan-activity;sid:84336686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473587)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"156.253.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473587/; classtype:trojan-activity;sid:84336687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473588)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"156.253.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473588/; classtype:trojan-activity;sid:84336688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473589)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"156.253.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473589/; classtype:trojan-activity;sid:84336689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.81.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473583/; classtype:trojan-activity;sid:84336683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.115.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473582/; classtype:trojan-activity;sid:84336682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.41.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473581/; classtype:trojan-activity;sid:84336681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.144.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473580/; classtype:trojan-activity;sid:84336680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.113.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473579/; classtype:trojan-activity;sid:84336679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.11.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473578/; classtype:trojan-activity;sid:84336678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.20.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473577/; classtype:trojan-activity;sid:84336677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473576)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ovluq0bdu-cys5xvyogyjd5qidqb1per"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473576/; classtype:trojan-activity;sid:84336676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473575)"; flow:established,from_client; content:"GET"; http_method; content:"/840/vcc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.227.228.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473575/; classtype:trojan-activity;sid:84336675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473574)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1g7zloa9qzg5-nvawt0bwx8ierl9mrhgq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473574/; classtype:trojan-activity;sid:84336674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.182.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473573/; classtype:trojan-activity;sid:84336673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.107.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473572/; classtype:trojan-activity;sid:84336672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.21.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473571/; classtype:trojan-activity;sid:84336671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473570)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.laqyk.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473570/; classtype:trojan-activity;sid:84336670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.21.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473569/; classtype:trojan-activity;sid:84336669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473566)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.40.117.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473566/; classtype:trojan-activity;sid:84336666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473567)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.40.117.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473567/; classtype:trojan-activity;sid:84336667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.28.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473568/; classtype:trojan-activity;sid:84336668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473565)"; flow:established,from_client; content:"GET"; http_method; content:"/mvsxkjvb3/plugins/firefox.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.125.50.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473565/; classtype:trojan-activity;sid:84336665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473564)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5153162918/p2sxmuh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473564/; classtype:trojan-activity;sid:84336664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473557)"; flow:established,from_client; content:"GET"; http_method; content:"/mvsxkjvb3/index.php"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.125.50.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473557/; classtype:trojan-activity;sid:84336657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473558)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"45.93.20.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473558/; classtype:trojan-activity;sid:84336658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473559)"; flow:established,from_client; content:"GET"; http_method; content:"/85a1cacf11314eb8.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.93.20.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473559/; classtype:trojan-activity;sid:84336659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473560)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.40.117.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473560/; classtype:trojan-activity;sid:84336660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473561)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.40.117.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473561/; classtype:trojan-activity;sid:84336661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.123.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473562/; classtype:trojan-activity;sid:84336662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473563)"; flow:established,from_client; content:"GET"; http_method; content:"/ni9kiput/index.php"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.113.115.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473563/; classtype:trojan-activity;sid:84336663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473553)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6431688176/iz73hnr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473553/; classtype:trojan-activity;sid:84336653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473554)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6098950268/cufizyh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473554/; classtype:trojan-activity;sid:84336654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473555)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5243921565/ipkwuq9.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473555/; classtype:trojan-activity;sid:84336655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473556)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6691015685/1u5tubh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473556/; classtype:trojan-activity;sid:84336656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473545)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.127.56.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473545/; classtype:trojan-activity;sid:84336645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473546)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.40.117.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473546/; classtype:trojan-activity;sid:84336646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473547)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.40.117.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473547/; classtype:trojan-activity;sid:84336647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473548)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.40.117.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473548/; classtype:trojan-activity;sid:84336648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473549)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.40.117.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473549/; classtype:trojan-activity;sid:84336649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473550)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.40.117.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473550/; classtype:trojan-activity;sid:84336650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473551)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.40.117.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473551/; classtype:trojan-activity;sid:84336651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473552)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.40.117.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473552/; classtype:trojan-activity;sid:84336652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473544)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.127.56.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473544/; classtype:trojan-activity;sid:84336644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473541)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473541/; classtype:trojan-activity;sid:84336641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473542)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473542/; classtype:trojan-activity;sid:84336642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473543)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.127.56.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473543/; classtype:trojan-activity;sid:84336643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473530)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.40.117.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473530/; classtype:trojan-activity;sid:84336630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473531)"; flow:established,from_client; content:"GET"; http_method; content:"/ediaf.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.40.117.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473531/; classtype:trojan-activity;sid:84336631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473532)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.127.56.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473532/; classtype:trojan-activity;sid:84336632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473533)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.127.56.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473533/; classtype:trojan-activity;sid:84336633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473534)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.127.56.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473534/; classtype:trojan-activity;sid:84336634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473535)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.127.56.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473535/; classtype:trojan-activity;sid:84336635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473536)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.127.56.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473536/; classtype:trojan-activity;sid:84336636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473537)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.127.56.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473537/; classtype:trojan-activity;sid:84336637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473538)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.127.56.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473538/; classtype:trojan-activity;sid:84336638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473539)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.127.56.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473539/; classtype:trojan-activity;sid:84336639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473540)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.127.56.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473540/; classtype:trojan-activity;sid:84336640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.175.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473529/; classtype:trojan-activity;sid:84336629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.11.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473528/; classtype:trojan-activity;sid:84336628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.120.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473527/; classtype:trojan-activity;sid:84336627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473526)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.podyz.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473526/; classtype:trojan-activity;sid:84336626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.20.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473525/; classtype:trojan-activity;sid:84336625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.107.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473524/; classtype:trojan-activity;sid:84336624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.215.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473523/; classtype:trojan-activity;sid:84336623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.56.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473522/; classtype:trojan-activity;sid:84336622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.11.133.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473521/; classtype:trojan-activity;sid:84336621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.147.40.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473520/; classtype:trojan-activity;sid:84336620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473518/; classtype:trojan-activity;sid:84336618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.165.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473519/; classtype:trojan-activity;sid:84336619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473517)"; flow:established,from_client; content:"GET"; http_method; content:"/beautifulway.mp3"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hismajesty.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473517/; classtype:trojan-activity;sid:84336617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473516)"; flow:established,from_client; content:"GET"; http_method; content:"/n/ax4mqlu25efi/b/zordarruba/o/pathing-meet-toward-check.html"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"objectstorage.ap-singapore-2.oraclecloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473516/; classtype:trojan-activity;sid:84336616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.147.40.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473515/; classtype:trojan-activity;sid:84336615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.237.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473514/; classtype:trojan-activity;sid:84336614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.54.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473513/; classtype:trojan-activity;sid:84336613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.7.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473512/; classtype:trojan-activity;sid:84336612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.242.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473511/; classtype:trojan-activity;sid:84336611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.123.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473510/; classtype:trojan-activity;sid:84336610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.237.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473509/; classtype:trojan-activity;sid:84336609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.138.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473508/; classtype:trojan-activity;sid:84336608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.60.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473507/; classtype:trojan-activity;sid:84336607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.154.253.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473506/; classtype:trojan-activity;sid:84336606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.19.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473505/; classtype:trojan-activity;sid:84336605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.54.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473504/; classtype:trojan-activity;sid:84336604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.50.70.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473503/; classtype:trojan-activity;sid:84336603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.7.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473502/; classtype:trojan-activity;sid:84336602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.242.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473501/; classtype:trojan-activity;sid:84336601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473498/; classtype:trojan-activity;sid:84336598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.131.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473499/; classtype:trojan-activity;sid:84336599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.30.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473500/; classtype:trojan-activity;sid:84336600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.66.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473497/; classtype:trojan-activity;sid:84336597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.184.195.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473496/; classtype:trojan-activity;sid:84336596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.228.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473495/; classtype:trojan-activity;sid:84336595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.60.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473494/; classtype:trojan-activity;sid:84336594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.0.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473493/; classtype:trojan-activity;sid:84336593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473492)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.172.79.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473492/; classtype:trojan-activity;sid:84336592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.19.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473491/; classtype:trojan-activity;sid:84336591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.142.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473490/; classtype:trojan-activity;sid:84336590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.254.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473489/; classtype:trojan-activity;sid:84336589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.115.80.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473488/; classtype:trojan-activity;sid:84336588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.10.37.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473487/; classtype:trojan-activity;sid:84336587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473486/; classtype:trojan-activity;sid:84336586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.113.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473485/; classtype:trojan-activity;sid:84336585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.113.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473484/; classtype:trojan-activity;sid:84336584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.81.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473483/; classtype:trojan-activity;sid:84336583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.106.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473482/; classtype:trojan-activity;sid:84336582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.102.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473481/; classtype:trojan-activity;sid:84336581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.180.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473480/; classtype:trojan-activity;sid:84336580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473479)"; flow:established,from_client; content:"GET"; http_method; content:"/profilelayout"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dashboard.nzlifecoaching.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473479/; classtype:trojan-activity;sid:84336579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.135.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473478/; classtype:trojan-activity;sid:84336578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.48.28.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473477/; classtype:trojan-activity;sid:84336577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.152.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473476/; classtype:trojan-activity;sid:84336576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.77.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473475/; classtype:trojan-activity;sid:84336575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.210.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473474/; classtype:trojan-activity;sid:84336574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.10.37.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473473/; classtype:trojan-activity;sid:84336573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.142.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473472/; classtype:trojan-activity;sid:84336572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.23.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473471/; classtype:trojan-activity;sid:84336571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.106.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473470/; classtype:trojan-activity;sid:84336570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.36.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473469/; classtype:trojan-activity;sid:84336569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.77.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473468/; classtype:trojan-activity;sid:84336568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.135.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473467/; classtype:trojan-activity;sid:84336567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.102.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473466/; classtype:trojan-activity;sid:84336566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.44.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473465/; classtype:trojan-activity;sid:84336565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.81.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473464/; classtype:trojan-activity;sid:84336564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.210.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473463/; classtype:trojan-activity;sid:84336563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.90.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473462/; classtype:trojan-activity;sid:84336562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.55.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473461/; classtype:trojan-activity;sid:84336561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473460/; classtype:trojan-activity;sid:84336560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.116.153.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473459/; classtype:trojan-activity;sid:84336559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.44.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473458/; classtype:trojan-activity;sid:84336558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.165.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473457/; classtype:trojan-activity;sid:84336557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.116.153.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473456/; classtype:trojan-activity;sid:84336556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.63.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473455/; classtype:trojan-activity;sid:84336555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.83.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473454/; classtype:trojan-activity;sid:84336554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473451)"; flow:established,from_client; content:"GET"; http_method; content:"/hidden.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.40.117.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473451/; classtype:trojan-activity;sid:84336551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.83.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473452/; classtype:trojan-activity;sid:84336552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473453)"; flow:established,from_client; content:"GET"; http_method; content:"/snoopy.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.127.56.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473453/; classtype:trojan-activity;sid:84336553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.231.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473450/; classtype:trojan-activity;sid:84336550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.87.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473449/; classtype:trojan-activity;sid:84336549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.247.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473447/; classtype:trojan-activity;sid:84336547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.245.3.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473448/; classtype:trojan-activity;sid:84336548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.199.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473446/; classtype:trojan-activity;sid:84336546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.13.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473445/; classtype:trojan-activity;sid:84336545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.10.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473444/; classtype:trojan-activity;sid:84336544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.186.39.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473442/; classtype:trojan-activity;sid:84336542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.167.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473443/; classtype:trojan-activity;sid:84336543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.37.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473441/; classtype:trojan-activity;sid:84336541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.231.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473440/; classtype:trojan-activity;sid:84336540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.63.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473439/; classtype:trojan-activity;sid:84336539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.26.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473438/; classtype:trojan-activity;sid:84336538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.167.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473436/; classtype:trojan-activity;sid:84336536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.87.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473437/; classtype:trojan-activity;sid:84336537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.117.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473435/; classtype:trojan-activity;sid:84336535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.199.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473434/; classtype:trojan-activity;sid:84336534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.248.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473433/; classtype:trojan-activity;sid:84336533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.112.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473432/; classtype:trojan-activity;sid:84336532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.171.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473431/; classtype:trojan-activity;sid:84336531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.67.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473430/; classtype:trojan-activity;sid:84336530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473429/; classtype:trojan-activity;sid:84336529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.48.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473428/; classtype:trojan-activity;sid:84336528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.186.39.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473427/; classtype:trojan-activity;sid:84336527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.127.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473426/; classtype:trojan-activity;sid:84336526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.6.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473425/; classtype:trojan-activity;sid:84336525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.133.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473424/; classtype:trojan-activity;sid:84336524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.117.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473423/; classtype:trojan-activity;sid:84336523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.106.193.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473422/; classtype:trojan-activity;sid:84336522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.36.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473421/; classtype:trojan-activity;sid:84336521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.204.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473419/; classtype:trojan-activity;sid:84336519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.166.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473420/; classtype:trojan-activity;sid:84336520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473414/; classtype:trojan-activity;sid:84336514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.13.162"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473415/; classtype:trojan-activity;sid:84336515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.71.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473416/; classtype:trojan-activity;sid:84336516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.53.216.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473417/; classtype:trojan-activity;sid:84336517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473418/; classtype:trojan-activity;sid:84336518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.7.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473413/; classtype:trojan-activity;sid:84336513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.200.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473412/; classtype:trojan-activity;sid:84336512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.32.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473410/; classtype:trojan-activity;sid:84336510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.152.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473411/; classtype:trojan-activity;sid:84336511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.37.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473409/; classtype:trojan-activity;sid:84336509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473408/; classtype:trojan-activity;sid:84336508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.78.112.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473407/; classtype:trojan-activity;sid:84336507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.130.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473406/; classtype:trojan-activity;sid:84336506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.209.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473405/; classtype:trojan-activity;sid:84336505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.112.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473404/; classtype:trojan-activity;sid:84336504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.48.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473403/; classtype:trojan-activity;sid:84336503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.247.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473402/; classtype:trojan-activity;sid:84336502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.28.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473400/; classtype:trojan-activity;sid:84336500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.70.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473401/; classtype:trojan-activity;sid:84336501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473399/; classtype:trojan-activity;sid:84336499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.130.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473398/; classtype:trojan-activity;sid:84336498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.165.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473397/; classtype:trojan-activity;sid:84336497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.248.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473396/; classtype:trojan-activity;sid:84336496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.209.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473395/; classtype:trojan-activity;sid:84336495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.17.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473394/; classtype:trojan-activity;sid:84336494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473393/; classtype:trojan-activity;sid:84336493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.70.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473392/; classtype:trojan-activity;sid:84336492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.70.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473391/; classtype:trojan-activity;sid:84336491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.106.193.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473390/; classtype:trojan-activity;sid:84336490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.127.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473389/; classtype:trojan-activity;sid:84336489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473388/; classtype:trojan-activity;sid:84336488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.70.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473387/; classtype:trojan-activity;sid:84336487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.17.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473386/; classtype:trojan-activity;sid:84336486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.228.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473385/; classtype:trojan-activity;sid:84336485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.155.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473384/; classtype:trojan-activity;sid:84336484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.27.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473383/; classtype:trojan-activity;sid:84336483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.223.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473382/; classtype:trojan-activity;sid:84336482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473381/; classtype:trojan-activity;sid:84336481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.1.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473380/; classtype:trojan-activity;sid:84336480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.60.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473378/; classtype:trojan-activity;sid:84336478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.21.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473379/; classtype:trojan-activity;sid:84336479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.133.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473377/; classtype:trojan-activity;sid:84336477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.228.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473376/; classtype:trojan-activity;sid:84336476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.152.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473375/; classtype:trojan-activity;sid:84336475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.201.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473374/; classtype:trojan-activity;sid:84336474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.209.145.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473373/; classtype:trojan-activity;sid:84336473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.155.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473372/; classtype:trojan-activity;sid:84336472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.223.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473371/; classtype:trojan-activity;sid:84336471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.141.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473370/; classtype:trojan-activity;sid:84336470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.43.170.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473368/; classtype:trojan-activity;sid:84336468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.1.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473369/; classtype:trojan-activity;sid:84336469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.190.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473367/; classtype:trojan-activity;sid:84336467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.109.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473366/; classtype:trojan-activity;sid:84336466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.21.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473365/; classtype:trojan-activity;sid:84336465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.145.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473363/; classtype:trojan-activity;sid:84336463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.133.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473364/; classtype:trojan-activity;sid:84336464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.74.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473362/; classtype:trojan-activity;sid:84336462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.47.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473361/; classtype:trojan-activity;sid:84336461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473359)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.kabuq.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473359/; classtype:trojan-activity;sid:84336459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.60.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473360/; classtype:trojan-activity;sid:84336460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.190.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473358/; classtype:trojan-activity;sid:84336458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.218.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473357/; classtype:trojan-activity;sid:84336457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.246.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473356/; classtype:trojan-activity;sid:84336456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.7.21"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473355/; classtype:trojan-activity;sid:84336455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.109.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473354/; classtype:trojan-activity;sid:84336454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.47.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473353/; classtype:trojan-activity;sid:84336453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.146.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473351/; classtype:trojan-activity;sid:84336451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.127.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473352/; classtype:trojan-activity;sid:84336452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473350)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.82.144.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473350/; classtype:trojan-activity;sid:84336450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.145.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473349/; classtype:trojan-activity;sid:84336449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.77.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473348/; classtype:trojan-activity;sid:84336448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.143.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473347/; classtype:trojan-activity;sid:84336447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.207.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473345/; classtype:trojan-activity;sid:84336445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.218.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473346/; classtype:trojan-activity;sid:84336446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.7.21"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473344/; classtype:trojan-activity;sid:84336444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.77.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473343/; classtype:trojan-activity;sid:84336443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.174.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473342/; classtype:trojan-activity;sid:84336442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.217.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473340/; classtype:trojan-activity;sid:84336440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.72.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473341/; classtype:trojan-activity;sid:84336441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.161.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473339/; classtype:trojan-activity;sid:84336439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.143.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473338/; classtype:trojan-activity;sid:84336438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.246.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473337/; classtype:trojan-activity;sid:84336437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.215.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473336/; classtype:trojan-activity;sid:84336436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.174.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473335/; classtype:trojan-activity;sid:84336435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473334/; classtype:trojan-activity;sid:84336434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.57.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473333/; classtype:trojan-activity;sid:84336433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.125.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473332/; classtype:trojan-activity;sid:84336432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.11.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473331/; classtype:trojan-activity;sid:84336431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.18.253.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473330/; classtype:trojan-activity;sid:84336430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.235.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473329/; classtype:trojan-activity;sid:84336429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.32.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473328/; classtype:trojan-activity;sid:84336428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.217.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473326/; classtype:trojan-activity;sid:84336426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.118.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473327/; classtype:trojan-activity;sid:84336427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.72.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473325/; classtype:trojan-activity;sid:84336425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.161.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473324/; classtype:trojan-activity;sid:84336424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.54.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473323/; classtype:trojan-activity;sid:84336423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.249.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473322/; classtype:trojan-activity;sid:84336422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.215.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473321/; classtype:trojan-activity;sid:84336421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.139.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473320/; classtype:trojan-activity;sid:84336420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473319)"; flow:established,from_client; content:"GET"; http_method; content:"/profilelayout"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"forum.envisionfonddulac.info"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473319/; classtype:trojan-activity;sid:84336419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.146.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473318/; classtype:trojan-activity;sid:84336418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.109.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473317/; classtype:trojan-activity;sid:84336417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473316/; classtype:trojan-activity;sid:84336416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.194.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473313/; classtype:trojan-activity;sid:84336413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.255.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473314/; classtype:trojan-activity;sid:84336414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.65.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473315/; classtype:trojan-activity;sid:84336415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.148.220.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473306/; classtype:trojan-activity;sid:84336406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473307/; classtype:trojan-activity;sid:84336407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473308/; classtype:trojan-activity;sid:84336408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.51.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473309/; classtype:trojan-activity;sid:84336409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473310/; classtype:trojan-activity;sid:84336410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.120.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473311/; classtype:trojan-activity;sid:84336411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473312/; classtype:trojan-activity;sid:84336412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473305/; classtype:trojan-activity;sid:84336405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473304/; classtype:trojan-activity;sid:84336404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473303/; classtype:trojan-activity;sid:84336403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.202.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473302/; classtype:trojan-activity;sid:84336402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.96.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473301/; classtype:trojan-activity;sid:84336401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.27.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473300/; classtype:trojan-activity;sid:84336400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.57.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473298/; classtype:trojan-activity;sid:84336398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.249.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473299/; classtype:trojan-activity;sid:84336399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.170.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473297/; classtype:trojan-activity;sid:84336397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.80.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473296/; classtype:trojan-activity;sid:84336396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473295/; classtype:trojan-activity;sid:84336395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.8.149"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473294/; classtype:trojan-activity;sid:84336394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.90.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473293/; classtype:trojan-activity;sid:84336393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.11.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473292/; classtype:trojan-activity;sid:84336392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.26.81.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473291/; classtype:trojan-activity;sid:84336391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.231.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473290/; classtype:trojan-activity;sid:84336390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.26.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473289/; classtype:trojan-activity;sid:84336389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.54.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473288/; classtype:trojan-activity;sid:84336388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.139.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473286/; classtype:trojan-activity;sid:84336386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.118.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473287/; classtype:trojan-activity;sid:84336387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.79.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473285/; classtype:trojan-activity;sid:84336385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473284/; classtype:trojan-activity;sid:84336384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.244.90.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473283/; classtype:trojan-activity;sid:84336383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.153.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473282/; classtype:trojan-activity;sid:84336382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.80.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473281/; classtype:trojan-activity;sid:84336381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.170.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473280/; classtype:trojan-activity;sid:84336380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.122.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473279/; classtype:trojan-activity;sid:84336379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.109.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473278/; classtype:trojan-activity;sid:84336378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.82.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473277/; classtype:trojan-activity;sid:84336377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.0.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473276/; classtype:trojan-activity;sid:84336376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.199.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473275/; classtype:trojan-activity;sid:84336375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.31.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473274/; classtype:trojan-activity;sid:84336374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.83.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473273/; classtype:trojan-activity;sid:84336373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.199.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473272/; classtype:trojan-activity;sid:84336372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.140.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473271/; classtype:trojan-activity;sid:84336371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.26.81.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473270/; classtype:trojan-activity;sid:84336370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.231.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473269/; classtype:trojan-activity;sid:84336369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.244.90.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473268/; classtype:trojan-activity;sid:84336368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473267/; classtype:trojan-activity;sid:84336367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.125.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473266/; classtype:trojan-activity;sid:84336366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.231.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473265/; classtype:trojan-activity;sid:84336365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.82.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473264/; classtype:trojan-activity;sid:84336364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.236.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473263/; classtype:trojan-activity;sid:84336363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.25.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473262/; classtype:trojan-activity;sid:84336362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.15.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473261/; classtype:trojan-activity;sid:84336361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.46.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473260/; classtype:trojan-activity;sid:84336360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.31.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473259/; classtype:trojan-activity;sid:84336359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.129.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473258/; classtype:trojan-activity;sid:84336358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.46.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473257/; classtype:trojan-activity;sid:84336357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.140.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473256/; classtype:trojan-activity;sid:84336356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.231.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473255/; classtype:trojan-activity;sid:84336355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473254/; classtype:trojan-activity;sid:84336354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.201.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473252/; classtype:trojan-activity;sid:84336352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.210.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473253/; classtype:trojan-activity;sid:84336353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.25.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473251/; classtype:trojan-activity;sid:84336351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473250/; classtype:trojan-activity;sid:84336350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.178.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473249/; classtype:trojan-activity;sid:84336349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.90.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473248/; classtype:trojan-activity;sid:84336348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.236.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473247/; classtype:trojan-activity;sid:84336347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.90.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473246/; classtype:trojan-activity;sid:84336346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.210.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473245/; classtype:trojan-activity;sid:84336345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.129.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473244/; classtype:trojan-activity;sid:84336344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473243)"; flow:established,from_client; content:"GET"; http_method; content:"/profilelayout"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"download.shrewsburysocialclub.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473243/; classtype:trojan-activity;sid:84336343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473242)"; flow:established,from_client; content:"GET"; http_method; content:"/profilelayout"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"billing.shrewsburysocialclub.org"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473242/; classtype:trojan-activity;sid:84336342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.172.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473241/; classtype:trojan-activity;sid:84336341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473240)"; flow:established,from_client; content:"GET"; http_method; content:"/profilelayout"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"nevada.mandros.us"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473240/; classtype:trojan-activity;sid:84336340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.201.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473239/; classtype:trojan-activity;sid:84336339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.133.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473238/; classtype:trojan-activity;sid:84336338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.109.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473237/; classtype:trojan-activity;sid:84336337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.83.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473236/; classtype:trojan-activity;sid:84336336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.248.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473235/; classtype:trojan-activity;sid:84336335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.83.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473234/; classtype:trojan-activity;sid:84336334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.3.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473233/; classtype:trojan-activity;sid:84336333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.80.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473232/; classtype:trojan-activity;sid:84336332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.248.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473231/; classtype:trojan-activity;sid:84336331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473230/; classtype:trojan-activity;sid:84336330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.3.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473229/; classtype:trojan-activity;sid:84336329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473227)"; flow:established,from_client; content:"GET"; http_method; content:"/publicpublicpublic.xll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"kp.ferrysurgicallustily.shop"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473227/; classtype:trojan-activity;sid:84336327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.86.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473228/; classtype:trojan-activity;sid:84336328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.144.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473226/; classtype:trojan-activity;sid:84336326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.237.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473225/; classtype:trojan-activity;sid:84336325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473224/; classtype:trojan-activity;sid:84336324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.112.108.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473223/; classtype:trojan-activity;sid:84336323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.218.25.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473222/; classtype:trojan-activity;sid:84336322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.159.45.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473217/; classtype:trojan-activity;sid:84336317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.103.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473218/; classtype:trojan-activity;sid:84336318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.217.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473219/; classtype:trojan-activity;sid:84336319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.48.66.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473220/; classtype:trojan-activity;sid:84336320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.156.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473221/; classtype:trojan-activity;sid:84336321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.180.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473216/; classtype:trojan-activity;sid:84336316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.24.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473215/; classtype:trojan-activity;sid:84336315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.105.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473213/; classtype:trojan-activity;sid:84336313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.104.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473214/; classtype:trojan-activity;sid:84336314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473212/; classtype:trojan-activity;sid:84336312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473211/; classtype:trojan-activity;sid:84336311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.178.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473210/; classtype:trojan-activity;sid:84336310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.101.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473208/; classtype:trojan-activity;sid:84336308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.29.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473209/; classtype:trojan-activity;sid:84336309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.65.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473207/; classtype:trojan-activity;sid:84336307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.128.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473206/; classtype:trojan-activity;sid:84336306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.119.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473205/; classtype:trojan-activity;sid:84336305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.91.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473204/; classtype:trojan-activity;sid:84336304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.227.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473203/; classtype:trojan-activity;sid:84336303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.150.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473202/; classtype:trojan-activity;sid:84336302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473201/; classtype:trojan-activity;sid:84336301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.20.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473200/; classtype:trojan-activity;sid:84336300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.251.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473199/; classtype:trojan-activity;sid:84336299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.35.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473198/; classtype:trojan-activity;sid:84336298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.98.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473197/; classtype:trojan-activity;sid:84336297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.128.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473195/; classtype:trojan-activity;sid:84336295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.97.92.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473196/; classtype:trojan-activity;sid:84336296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.20.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473194/; classtype:trojan-activity;sid:84336294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473193/; classtype:trojan-activity;sid:84336293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.171.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473191/; classtype:trojan-activity;sid:84336291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.12.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473192/; classtype:trojan-activity;sid:84336292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.19.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473190/; classtype:trojan-activity;sid:84336290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.97.92.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473189/; classtype:trojan-activity;sid:84336289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473188)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.gijuz.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473188/; classtype:trojan-activity;sid:84336288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473187)"; flow:established,from_client; content:"GET"; http_method; content:"/vre"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"enviojs06.kozow.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473187/; classtype:trojan-activity;sid:84336287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.3.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473186/; classtype:trojan-activity;sid:84336286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.35.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473185/; classtype:trojan-activity;sid:84336285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.178.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473184/; classtype:trojan-activity;sid:84336284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473183)"; flow:established,from_client; content:"GET"; http_method; content:"/adobe/adobe_installer.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"leo-pharrna.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473183/; classtype:trojan-activity;sid:84336283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473182)"; flow:established,from_client; content:"GET"; http_method; content:"/road.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sappycloud.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473182/; classtype:trojan-activity;sid:84336282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.12.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473181/; classtype:trojan-activity;sid:84336281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.30.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473180/; classtype:trojan-activity;sid:84336280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473178)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473178/; classtype:trojan-activity;sid:84336278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473179)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.40.117.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473179/; classtype:trojan-activity;sid:84336279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473177/; classtype:trojan-activity;sid:84336277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.171.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473176/; classtype:trojan-activity;sid:84336276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.228.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473175/; classtype:trojan-activity;sid:84336275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.3.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473174/; classtype:trojan-activity;sid:84336274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.178.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473172/; classtype:trojan-activity;sid:84336272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473173)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/vn/niceskillbestexperiencegivenmegood.hta"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"23.95.235.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473173/; classtype:trojan-activity;sid:84336273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473171)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/cik/niceworkingskilldevelopedwithgreatnews.hta"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"192.227.228.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473171/; classtype:trojan-activity;sid:84336271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473170)"; flow:established,from_client; content:"GET"; http_method; content:"/r/wc49nlpn/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473170/; classtype:trojan-activity;sid:84336270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473169)"; flow:established,from_client; content:"GET"; http_method; content:"/r/uj6clj4d/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473169/; classtype:trojan-activity;sid:84336269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.57.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473168/; classtype:trojan-activity;sid:84336268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473167/; classtype:trojan-activity;sid:84336267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.131.60.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473166/; classtype:trojan-activity;sid:84336266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473165)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1y_mu1ixtxqadn_f65cn0bf8lf0xc8u0i"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473165/; classtype:trojan-activity;sid:84336265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473164)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=179yerspiwymvgjvo15sjw1kn3hf-txyz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473164/; classtype:trojan-activity;sid:84336264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473163)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qx0j1nnsjksngolwq4mibchlt6jy7otj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473163/; classtype:trojan-activity;sid:84336263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473162)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|id=1rttw8righwswcimydiegr66ewk0qjnqo|7c|26|7c|export=download"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"drive.usercontent.google.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473162/; classtype:trojan-activity;sid:84336262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473161)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lu6obrmhwe9km-jng8euzpgdn-8kgh8m"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473161/; classtype:trojan-activity;sid:84336261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473160)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1d4aper-gjv3agk8yeny5scayonlc68yo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473160/; classtype:trojan-activity;sid:84336260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.119.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473159/; classtype:trojan-activity;sid:84336259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.191.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473157/; classtype:trojan-activity;sid:84336257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.240.240.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473158/; classtype:trojan-activity;sid:84336258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.221.44.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473156/; classtype:trojan-activity;sid:84336256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473155)"; flow:established,from_client; content:"GET"; http_method; content:"/html/po.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"weixe.ir"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473155/; classtype:trojan-activity;sid:84336255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.109.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473154/; classtype:trojan-activity;sid:84336254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473153)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lu7l8qi0xatfqu4gdynqitjvupkhjm1t"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473153/; classtype:trojan-activity;sid:84336253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473152)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ikypl1fkgpaswtyunt0lndvs6quadw7q"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473152/; classtype:trojan-activity;sid:84336252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.228.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473151/; classtype:trojan-activity;sid:84336251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.19.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473150/; classtype:trojan-activity;sid:84336250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.115.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473149/; classtype:trojan-activity;sid:84336249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473148)"; flow:established,from_client; content:"GET"; http_method; content:"/vre"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"webjava.casacam.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473148/; classtype:trojan-activity;sid:84336248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.131.60.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473147/; classtype:trojan-activity;sid:84336247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473146/; classtype:trojan-activity;sid:84336246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.221.205.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473145/; classtype:trojan-activity;sid:84336245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.101.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473144/; classtype:trojan-activity;sid:84336244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.221.205.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473143/; classtype:trojan-activity;sid:84336243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473142)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.pivyt.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473142/; classtype:trojan-activity;sid:84336242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473140)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/money.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473140/; classtype:trojan-activity;sid:84336240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.125.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473141/; classtype:trojan-activity;sid:84336241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473130)"; flow:established,from_client; content:"GET"; http_method; content:"/2/qkmjdvudltx8.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.29.11.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473130/; classtype:trojan-activity;sid:84336230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473131)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/client.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473131/; classtype:trojan-activity;sid:84336231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473132)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/runpee.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473132/; classtype:trojan-activity;sid:84336232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473133)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/czxasd55.rar"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473133/; classtype:trojan-activity;sid:84336233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473134)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/m2.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473134/; classtype:trojan-activity;sid:84336234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473135)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/wasfs.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473135/; classtype:trojan-activity;sid:84336235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473136)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/snake.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473136/; classtype:trojan-activity;sid:84336236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473137)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/cozy.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473137/; classtype:trojan-activity;sid:84336237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473138)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/cozzy.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473138/; classtype:trojan-activity;sid:84336238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473139)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/eng.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473139/; classtype:trojan-activity;sid:84336239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473129)"; flow:established,from_client; content:"GET"; http_method; content:"/3/euvksai14.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.29.11.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473129/; classtype:trojan-activity;sid:84336229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473127)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/testina.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473127/; classtype:trojan-activity;sid:84336227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473128)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/hustleee.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473128/; classtype:trojan-activity;sid:84336228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473125)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/testina.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473125/; classtype:trojan-activity;sid:84336225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473126)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/cozy.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473126/; classtype:trojan-activity;sid:84336226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.228.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473124/; classtype:trojan-activity;sid:84336224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.67.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473123/; classtype:trojan-activity;sid:84336223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.229.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473122/; classtype:trojan-activity;sid:84336222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.159.173.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473121/; classtype:trojan-activity;sid:84336221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.49.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473120/; classtype:trojan-activity;sid:84336220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.101.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473119/; classtype:trojan-activity;sid:84336219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.178.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473118/; classtype:trojan-activity;sid:84336218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.254.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473117/; classtype:trojan-activity;sid:84336217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.143.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473116/; classtype:trojan-activity;sid:84336216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473115)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.26.120.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473115/; classtype:trojan-activity;sid:84336215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473112)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473112/; classtype:trojan-activity;sid:84336212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473113)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.121.84.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473113/; classtype:trojan-activity;sid:84336213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473114)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"107.172.82.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473114/; classtype:trojan-activity;sid:84336214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.125.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473111/; classtype:trojan-activity;sid:84336211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473109)"; flow:established,from_client; content:"GET"; http_method; content:"/fnkeykb65.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"192.144.32.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473109/; classtype:trojan-activity;sid:84336209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473110)"; flow:established,from_client; content:"GET"; http_method; content:"/baalicy232.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.159.99.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473110/; classtype:trojan-activity;sid:84336210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.171.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473108/; classtype:trojan-activity;sid:84336208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.105.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473107/; classtype:trojan-activity;sid:84336207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.26.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473106/; classtype:trojan-activity;sid:84336206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473105/; classtype:trojan-activity;sid:84336205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.121.0.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473104/; classtype:trojan-activity;sid:84336204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.143.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473103/; classtype:trojan-activity;sid:84336203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.84.139.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473102/; classtype:trojan-activity;sid:84336202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.196.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473101/; classtype:trojan-activity;sid:84336201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.91.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473100/; classtype:trojan-activity;sid:84336200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.122.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473099/; classtype:trojan-activity;sid:84336199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.84.139.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473098/; classtype:trojan-activity;sid:84336198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.64.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473097/; classtype:trojan-activity;sid:84336197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.50.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473096/; classtype:trojan-activity;sid:84336196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.229.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473095/; classtype:trojan-activity;sid:84336195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473094)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.huwaq.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473094/; classtype:trojan-activity;sid:84336194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.196.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473093/; classtype:trojan-activity;sid:84336193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.28.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473092/; classtype:trojan-activity;sid:84336192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.50.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473091/; classtype:trojan-activity;sid:84336191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.194.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473090/; classtype:trojan-activity;sid:84336190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.208.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473089/; classtype:trojan-activity;sid:84336189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.210.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473088/; classtype:trojan-activity;sid:84336188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.208.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473087/; classtype:trojan-activity;sid:84336187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473086)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473086/; classtype:trojan-activity;sid:84336186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473085)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473085/; classtype:trojan-activity;sid:84336185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.77.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473083/; classtype:trojan-activity;sid:84336183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.246.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473084/; classtype:trojan-activity;sid:84336184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473078)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473078/; classtype:trojan-activity;sid:84336178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473079)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473079/; classtype:trojan-activity;sid:84336179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473080)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473080/; classtype:trojan-activity;sid:84336180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473081)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473081/; classtype:trojan-activity;sid:84336181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473082)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473082/; classtype:trojan-activity;sid:84336182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473065)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473065/; classtype:trojan-activity;sid:84336165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473066)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473066/; classtype:trojan-activity;sid:84336166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473067)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473067/; classtype:trojan-activity;sid:84336167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473068/; classtype:trojan-activity;sid:84336168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473069)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473069/; classtype:trojan-activity;sid:84336169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473070/; classtype:trojan-activity;sid:84336170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473071)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473071/; classtype:trojan-activity;sid:84336171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473072)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473072/; classtype:trojan-activity;sid:84336172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473073)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473073/; classtype:trojan-activity;sid:84336173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473074)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473074/; classtype:trojan-activity;sid:84336174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473075)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473075/; classtype:trojan-activity;sid:84336175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473076)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473076/; classtype:trojan-activity;sid:84336176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473077)"; flow:established,from_client; content:"GET"; http_method; content:"/t/ppc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473077/; classtype:trojan-activity;sid:84336177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473043)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473043/; classtype:trojan-activity;sid:84336143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473044)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473044/; classtype:trojan-activity;sid:84336144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473045)"; flow:established,from_client; content:"GET"; http_method; content:"/t/aarch64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473045/; classtype:trojan-activity;sid:84336145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473046)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473046/; classtype:trojan-activity;sid:84336146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473047)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473047/; classtype:trojan-activity;sid:84336147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473048)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473048/; classtype:trojan-activity;sid:84336148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473049)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473049/; classtype:trojan-activity;sid:84336149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473050)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473050/; classtype:trojan-activity;sid:84336150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473051)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473051/; classtype:trojan-activity;sid:84336151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473052)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473052/; classtype:trojan-activity;sid:84336152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473053)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473053/; classtype:trojan-activity;sid:84336153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473054)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/sparc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473054/; classtype:trojan-activity;sid:84336154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473055)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473055/; classtype:trojan-activity;sid:84336155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473056)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473056/; classtype:trojan-activity;sid:84336156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473057)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473057/; classtype:trojan-activity;sid:84336157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473058)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473058/; classtype:trojan-activity;sid:84336158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473059)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473059/; classtype:trojan-activity;sid:84336159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473060)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473060/; classtype:trojan-activity;sid:84336160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473061)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/i686"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473061/; classtype:trojan-activity;sid:84336161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473062)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473062/; classtype:trojan-activity;sid:84336162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473063)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473063/; classtype:trojan-activity;sid:84336163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473064)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473064/; classtype:trojan-activity;sid:84336164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473025)"; flow:established,from_client; content:"GET"; http_method; content:"/t/mpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473025/; classtype:trojan-activity;sid:84336125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473026)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/riscv32"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473026/; classtype:trojan-activity;sid:84336126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473027)"; flow:established,from_client; content:"GET"; http_method; content:"/t/ppc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473027/; classtype:trojan-activity;sid:84336127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473028)"; flow:established,from_client; content:"GET"; http_method; content:"/t/mpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473028/; classtype:trojan-activity;sid:84336128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473029)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473029/; classtype:trojan-activity;sid:84336129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473030)"; flow:established,from_client; content:"GET"; http_method; content:"/t/sh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473030/; classtype:trojan-activity;sid:84336130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473031)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473031/; classtype:trojan-activity;sid:84336131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473032)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473032/; classtype:trojan-activity;sid:84336132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473033)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/riscv32"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473033/; classtype:trojan-activity;sid:84336133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473034)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473034/; classtype:trojan-activity;sid:84336134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473035)"; flow:established,from_client; content:"GET"; http_method; content:"/t/sh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473035/; classtype:trojan-activity;sid:84336135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473036)"; flow:established,from_client; content:"GET"; http_method; content:"/vv/powerpc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473036/; classtype:trojan-activity;sid:84336136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473037)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473037/; classtype:trojan-activity;sid:84336137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473038)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473038/; classtype:trojan-activity;sid:84336138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473039)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473039/; classtype:trojan-activity;sid:84336139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473040)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/i686"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473040/; classtype:trojan-activity;sid:84336140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473041)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473041/; classtype:trojan-activity;sid:84336141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473042)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473042/; classtype:trojan-activity;sid:84336142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.203.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473024/; classtype:trojan-activity;sid:84336124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.231.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473023/; classtype:trojan-activity;sid:84336123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.110.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473022/; classtype:trojan-activity;sid:84336122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.194.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473021/; classtype:trojan-activity;sid:84336121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.220.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473020/; classtype:trojan-activity;sid:84336120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.211.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473019/; classtype:trojan-activity;sid:84336119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.220.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473018/; classtype:trojan-activity;sid:84336118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.52.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473017/; classtype:trojan-activity;sid:84336117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.110.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473016/; classtype:trojan-activity;sid:84336116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.210.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473015/; classtype:trojan-activity;sid:84336115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.178.47.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473014/; classtype:trojan-activity;sid:84336114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.203.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473013/; classtype:trojan-activity;sid:84336113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.119.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473012/; classtype:trojan-activity;sid:84336112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.67.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473011/; classtype:trojan-activity;sid:84336111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.231.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473010/; classtype:trojan-activity;sid:84336110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.245.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473009/; classtype:trojan-activity;sid:84336109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473008)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.jebir.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473008/; classtype:trojan-activity;sid:84336108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.90.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473006/; classtype:trojan-activity;sid:84336106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.152.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473007/; classtype:trojan-activity;sid:84336107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.243.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473005/; classtype:trojan-activity;sid:84336105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.160.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473004/; classtype:trojan-activity;sid:84336104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.119.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473003/; classtype:trojan-activity;sid:84336103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.65.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473002/; classtype:trojan-activity;sid:84336102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.125.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473001/; classtype:trojan-activity;sid:84336101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.67.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473000/; classtype:trojan-activity;sid:84336100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.122.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472999/; classtype:trojan-activity;sid:84336099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.123.218.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472998/; classtype:trojan-activity;sid:84336098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.141.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472997/; classtype:trojan-activity;sid:84336097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.3.65"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472996/; classtype:trojan-activity;sid:84336096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.123.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472995/; classtype:trojan-activity;sid:84336095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.221.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472994/; classtype:trojan-activity;sid:84336094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.218.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472993/; classtype:trojan-activity;sid:84336093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.243.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472992/; classtype:trojan-activity;sid:84336092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.122.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472990/; classtype:trojan-activity;sid:84336090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.96.176"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472991/; classtype:trojan-activity;sid:84336091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.65.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472989/; classtype:trojan-activity;sid:84336089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472986/; classtype:trojan-activity;sid:84336086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.244.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472987/; classtype:trojan-activity;sid:84336087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.65.213.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472988/; classtype:trojan-activity;sid:84336088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.3.65"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472985/; classtype:trojan-activity;sid:84336085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.47.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472984/; classtype:trojan-activity;sid:84336084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.104.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472983/; classtype:trojan-activity;sid:84336083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.150.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472981/; classtype:trojan-activity;sid:84336081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.167.175.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472982/; classtype:trojan-activity;sid:84336082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.88.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472980/; classtype:trojan-activity;sid:84336080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.14.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472979/; classtype:trojan-activity;sid:84336079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.221.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472978/; classtype:trojan-activity;sid:84336078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472977/; classtype:trojan-activity;sid:84336077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472976/; classtype:trojan-activity;sid:84336076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.123.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472975/; classtype:trojan-activity;sid:84336075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.103.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472974/; classtype:trojan-activity;sid:84336074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472973)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.vumyr.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472973/; classtype:trojan-activity;sid:84336073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.173.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472972/; classtype:trojan-activity;sid:84336072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.230.66.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472971/; classtype:trojan-activity;sid:84336071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.201.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472970/; classtype:trojan-activity;sid:84336070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.173.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472969/; classtype:trojan-activity;sid:84336069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.40.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472968/; classtype:trojan-activity;sid:84336068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.100.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472967/; classtype:trojan-activity;sid:84336067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.83.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472966/; classtype:trojan-activity;sid:84336066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472965/; classtype:trojan-activity;sid:84336065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.135.183.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472964/; classtype:trojan-activity;sid:84336064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.147.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472963/; classtype:trojan-activity;sid:84336063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.86.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472962/; classtype:trojan-activity;sid:84336062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.251.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472961/; classtype:trojan-activity;sid:84336061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.152.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472960/; classtype:trojan-activity;sid:84336060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472958/; classtype:trojan-activity;sid:84336058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.201.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472959/; classtype:trojan-activity;sid:84336059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.222.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472957/; classtype:trojan-activity;sid:84336057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472956)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.myryh.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472956/; classtype:trojan-activity;sid:84336056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472955)"; flow:established,from_client; content:"GET"; http_method; content:"/htctl32.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"sundreammedia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472955/; classtype:trojan-activity;sid:84336055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.161.204.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472953/; classtype:trojan-activity;sid:84336053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.100.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472954/; classtype:trojan-activity;sid:84336054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.43.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472952/; classtype:trojan-activity;sid:84336052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.222.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472951/; classtype:trojan-activity;sid:84336051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.251.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472950/; classtype:trojan-activity;sid:84336050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.13.22.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472948/; classtype:trojan-activity;sid:84336048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.170.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472949/; classtype:trojan-activity;sid:84336049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472947/; classtype:trojan-activity;sid:84336047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.248.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472946/; classtype:trojan-activity;sid:84336046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.184.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472945/; classtype:trojan-activity;sid:84336045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.95.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472944/; classtype:trojan-activity;sid:84336044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.228.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472943/; classtype:trojan-activity;sid:84336043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.188.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472942/; classtype:trojan-activity;sid:84336042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.176.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472941/; classtype:trojan-activity;sid:84336041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.65.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472940/; classtype:trojan-activity;sid:84336040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.22.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472939/; classtype:trojan-activity;sid:84336039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472938)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"w.softprojectcode.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472938/; classtype:trojan-activity;sid:84336038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472937)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"w.softprojectcode.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472937/; classtype:trojan-activity;sid:84336037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472936)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"w.softprojectcode.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472936/; classtype:trojan-activity;sid:84336036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472935)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"w.softprojectcode.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472935/; classtype:trojan-activity;sid:84336035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472934)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"w.softprojectcode.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472934/; classtype:trojan-activity;sid:84336034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.248.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472933/; classtype:trojan-activity;sid:84336033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.182.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472932/; classtype:trojan-activity;sid:84336032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.107.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472931/; classtype:trojan-activity;sid:84336031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.65.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472930/; classtype:trojan-activity;sid:84336030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.228.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472928/; classtype:trojan-activity;sid:84336028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.22.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472929/; classtype:trojan-activity;sid:84336029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.43.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472927/; classtype:trojan-activity;sid:84336027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.182.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472926/; classtype:trojan-activity;sid:84336026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.47.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472924/; classtype:trojan-activity;sid:84336024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.26.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472925/; classtype:trojan-activity;sid:84336025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.7.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472923/; classtype:trojan-activity;sid:84336023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.215.220.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472922/; classtype:trojan-activity;sid:84336022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.107.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472921/; classtype:trojan-activity;sid:84336021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472903/; classtype:trojan-activity;sid:84336003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472904)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472904/; classtype:trojan-activity;sid:84336004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472905)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472905/; classtype:trojan-activity;sid:84336005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472906)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472906/; classtype:trojan-activity;sid:84336006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472907)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472907/; classtype:trojan-activity;sid:84336007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472908)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472908/; classtype:trojan-activity;sid:84336008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472909)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472909/; classtype:trojan-activity;sid:84336009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472910)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472910/; classtype:trojan-activity;sid:84336010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472911)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472911/; classtype:trojan-activity;sid:84336011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472912)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472912/; classtype:trojan-activity;sid:84336012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472913)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472913/; classtype:trojan-activity;sid:84336013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472914)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472914/; classtype:trojan-activity;sid:84336014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472915)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472915/; classtype:trojan-activity;sid:84336015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472916)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472916/; classtype:trojan-activity;sid:84336016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472917)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472917/; classtype:trojan-activity;sid:84336017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472918)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472918/; classtype:trojan-activity;sid:84336018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472919)"; flow:established,from_client; content:"GET"; http_method; content:"/splm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472919/; classtype:trojan-activity;sid:84336019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472920)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472920/; classtype:trojan-activity;sid:84336020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.38.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472902/; classtype:trojan-activity;sid:84336002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.190.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472901/; classtype:trojan-activity;sid:84336001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472900)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptocommsetup.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"techspotnet.tech"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472900/; classtype:trojan-activity;sid:84336000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.182.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472898/; classtype:trojan-activity;sid:84335998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.245.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472899/; classtype:trojan-activity;sid:84335999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.205.55.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472897/; classtype:trojan-activity;sid:84335997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.230.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472896/; classtype:trojan-activity;sid:84335996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.38.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472895/; classtype:trojan-activity;sid:84335995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.47.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472894/; classtype:trojan-activity;sid:84335994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.26.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472893/; classtype:trojan-activity;sid:84335993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.28.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472892/; classtype:trojan-activity;sid:84335992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.245.3.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472891/; classtype:trojan-activity;sid:84335991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.72.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472890/; classtype:trojan-activity;sid:84335990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.104.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472889/; classtype:trojan-activity;sid:84335989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472884/; classtype:trojan-activity;sid:84335984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.53.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472885/; classtype:trojan-activity;sid:84335985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.243.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472886/; classtype:trojan-activity;sid:84335986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472887)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.154.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472887/; classtype:trojan-activity;sid:84335987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.191.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472888/; classtype:trojan-activity;sid:84335988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472883/; classtype:trojan-activity;sid:84335983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.89.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472882/; classtype:trojan-activity;sid:84335982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472881/; classtype:trojan-activity;sid:84335981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.36.152.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472880/; classtype:trojan-activity;sid:84335980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.108.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472879/; classtype:trojan-activity;sid:84335979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472877/; classtype:trojan-activity;sid:84335977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.219.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472878/; classtype:trojan-activity;sid:84335978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472875/; classtype:trojan-activity;sid:84335975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.130.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472876/; classtype:trojan-activity;sid:84335976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.84.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472874/; classtype:trojan-activity;sid:84335974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.180.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472873/; classtype:trojan-activity;sid:84335973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.61.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472872/; classtype:trojan-activity;sid:84335972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.205.55.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472871/; classtype:trojan-activity;sid:84335971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.19.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472870/; classtype:trojan-activity;sid:84335970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.59.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472869/; classtype:trojan-activity;sid:84335969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.102.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472868/; classtype:trojan-activity;sid:84335968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.72.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472866/; classtype:trojan-activity;sid:84335966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.230.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472867/; classtype:trojan-activity;sid:84335967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.69.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472865/; classtype:trojan-activity;sid:84335965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.134.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472864/; classtype:trojan-activity;sid:84335964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.69.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472863/; classtype:trojan-activity;sid:84335963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472862)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.fafot.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472862/; classtype:trojan-activity;sid:84335962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.9.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472861/; classtype:trojan-activity;sid:84335961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.19.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472860/; classtype:trojan-activity;sid:84335960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.134.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472859/; classtype:trojan-activity;sid:84335959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.102.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472858/; classtype:trojan-activity;sid:84335958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.74.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472857/; classtype:trojan-activity;sid:84335957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.73.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472856/; classtype:trojan-activity;sid:84335956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.170.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472855/; classtype:trojan-activity;sid:84335955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.9.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472854/; classtype:trojan-activity;sid:84335954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472852)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472852/; classtype:trojan-activity;sid:84335952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.244.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472853/; classtype:trojan-activity;sid:84335953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472850)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.35.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472850/; classtype:trojan-activity;sid:84335950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472851)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.35.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472851/; classtype:trojan-activity;sid:84335951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472834)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.223.20.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472834/; classtype:trojan-activity;sid:84335934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472835)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.223.20.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472835/; classtype:trojan-activity;sid:84335935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472836)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472836/; classtype:trojan-activity;sid:84335936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472837/; classtype:trojan-activity;sid:84335937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472838)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472838/; classtype:trojan-activity;sid:84335938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472839)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472839/; classtype:trojan-activity;sid:84335939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472840)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472840/; classtype:trojan-activity;sid:84335940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472841)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472841/; classtype:trojan-activity;sid:84335941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472842)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.223.20.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472842/; classtype:trojan-activity;sid:84335942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472843)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.35.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472843/; classtype:trojan-activity;sid:84335943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472844)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.35.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472844/; classtype:trojan-activity;sid:84335944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472845)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472845/; classtype:trojan-activity;sid:84335945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472846)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.35.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472846/; classtype:trojan-activity;sid:84335946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472847)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.35.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472847/; classtype:trojan-activity;sid:84335947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472848)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.35.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472848/; classtype:trojan-activity;sid:84335948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472849)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.35.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472849/; classtype:trojan-activity;sid:84335949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.190.102.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472833/; classtype:trojan-activity;sid:84335933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.203.68.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472832/; classtype:trojan-activity;sid:84335932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.94.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472831/; classtype:trojan-activity;sid:84335931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.255.13.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472830/; classtype:trojan-activity;sid:84335930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.93.47.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472829/; classtype:trojan-activity;sid:84335929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.185.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472828/; classtype:trojan-activity;sid:84335928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.56.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472827/; classtype:trojan-activity;sid:84335927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.82.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472825/; classtype:trojan-activity;sid:84335925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.126.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472826/; classtype:trojan-activity;sid:84335926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.227.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472824/; classtype:trojan-activity;sid:84335924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.108.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472823/; classtype:trojan-activity;sid:84335923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.188.175.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472822/; classtype:trojan-activity;sid:84335922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.190.102.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472821/; classtype:trojan-activity;sid:84335921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.5.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472820/; classtype:trojan-activity;sid:84335920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.78.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472819/; classtype:trojan-activity;sid:84335919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.181.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472818/; classtype:trojan-activity;sid:84335918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.244.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472817/; classtype:trojan-activity;sid:84335917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472816)"; flow:established,from_client; content:"GET"; http_method; content:"/vre"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"rap.linkpc.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472816/; classtype:trojan-activity;sid:84335916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.92.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472815/; classtype:trojan-activity;sid:84335915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.59.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472814/; classtype:trojan-activity;sid:84335914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.152.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472813/; classtype:trojan-activity;sid:84335913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.106.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472812/; classtype:trojan-activity;sid:84335912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.115.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472811/; classtype:trojan-activity;sid:84335911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.146.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472810/; classtype:trojan-activity;sid:84335910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.228.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472808/; classtype:trojan-activity;sid:84335908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.45.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472809/; classtype:trojan-activity;sid:84335909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.92.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472807/; classtype:trojan-activity;sid:84335907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.21.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472806/; classtype:trojan-activity;sid:84335906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.127.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472805/; classtype:trojan-activity;sid:84335905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.51.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472804/; classtype:trojan-activity;sid:84335904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.56.146.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472803/; classtype:trojan-activity;sid:84335903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.106.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472802/; classtype:trojan-activity;sid:84335902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.228.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472801/; classtype:trojan-activity;sid:84335901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.160.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472800/; classtype:trojan-activity;sid:84335900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.137.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472799/; classtype:trojan-activity;sid:84335899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.51.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472798/; classtype:trojan-activity;sid:84335898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.135.249.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472797/; classtype:trojan-activity;sid:84335897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472796/; classtype:trojan-activity;sid:84335896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.193.73.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472795/; classtype:trojan-activity;sid:84335895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.222.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472794/; classtype:trojan-activity;sid:84335894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.78.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472793/; classtype:trojan-activity;sid:84335893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472792/; classtype:trojan-activity;sid:84335892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.115.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472791/; classtype:trojan-activity;sid:84335891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.155.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472790/; classtype:trojan-activity;sid:84335890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.160.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472789/; classtype:trojan-activity;sid:84335889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.78.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472788/; classtype:trojan-activity;sid:84335888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.142.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472787/; classtype:trojan-activity;sid:84335887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.152.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472786/; classtype:trojan-activity;sid:84335886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.78.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472785/; classtype:trojan-activity;sid:84335885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.146.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472784/; classtype:trojan-activity;sid:84335884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.9.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472783/; classtype:trojan-activity;sid:84335883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.146.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472782/; classtype:trojan-activity;sid:84335882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.135.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472781/; classtype:trojan-activity;sid:84335881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.67.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472780/; classtype:trojan-activity;sid:84335880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.178.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472779/; classtype:trojan-activity;sid:84335879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.155.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472778/; classtype:trojan-activity;sid:84335878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.127.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472777/; classtype:trojan-activity;sid:84335877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.142.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472776/; classtype:trojan-activity;sid:84335876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.169.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472775/; classtype:trojan-activity;sid:84335875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472774)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.hotuv.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472774/; classtype:trojan-activity;sid:84335874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.234.159.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472773/; classtype:trojan-activity;sid:84335873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.9.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472772/; classtype:trojan-activity;sid:84335872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472770)"; flow:established,from_client; content:"GET"; http_method; content:"/cc.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.81.68.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472770/; classtype:trojan-activity;sid:84335870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472771)"; flow:established,from_client; content:"GET"; http_method; content:"/ujkflzer45sc0"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472771/; classtype:trojan-activity;sid:84335871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472769)"; flow:established,from_client; content:"GET"; http_method; content:"/fdfcc.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.81.68.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472769/; classtype:trojan-activity;sid:84335869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.115.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472768/; classtype:trojan-activity;sid:84335868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.225.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472767/; classtype:trojan-activity;sid:84335867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472766)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472766/; classtype:trojan-activity;sid:84335866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472765/; classtype:trojan-activity;sid:84335865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.222.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472764/; classtype:trojan-activity;sid:84335864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.19.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472763/; classtype:trojan-activity;sid:84335863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472762)"; flow:established,from_client; content:"GET"; http_method; content:"/ornidx61.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69.61.43.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472762/; classtype:trojan-activity;sid:84335862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472761)"; flow:established,from_client; content:"GET"; http_method; content:"/leqrdibjvs11.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.29.8.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472761/; classtype:trojan-activity;sid:84335861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472760)"; flow:established,from_client; content:"GET"; http_method; content:"/dvqujb31.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.29.8.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472760/; classtype:trojan-activity;sid:84335860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472759)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.cyhym.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472759/; classtype:trojan-activity;sid:84335859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.67.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472758/; classtype:trojan-activity;sid:84335858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.234.159.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472757/; classtype:trojan-activity;sid:84335857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.103.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472756/; classtype:trojan-activity;sid:84335856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472755)"; flow:established,from_client; content:"GET"; http_method; content:"/miza.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aceyonca.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472755/; classtype:trojan-activity;sid:84335855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.201.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472754/; classtype:trojan-activity;sid:84335854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.131.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472753/; classtype:trojan-activity;sid:84335853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.15.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472752/; classtype:trojan-activity;sid:84335852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472751)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oeswu2rimec8qfghbpvjyczwpnn_rsyq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472751/; classtype:trojan-activity;sid:84335851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.136.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472750/; classtype:trojan-activity;sid:84335850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.2.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472749/; classtype:trojan-activity;sid:84335849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.101.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472748/; classtype:trojan-activity;sid:84335848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472747/; classtype:trojan-activity;sid:84335847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.242.81.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472746/; classtype:trojan-activity;sid:84335846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.201.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472745/; classtype:trojan-activity;sid:84335845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.15.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472744/; classtype:trojan-activity;sid:84335844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.97.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472743/; classtype:trojan-activity;sid:84335843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472742/; classtype:trojan-activity;sid:84335842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.30.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472741/; classtype:trojan-activity;sid:84335841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.117.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472740/; classtype:trojan-activity;sid:84335840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.45.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472739/; classtype:trojan-activity;sid:84335839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.124.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472738/; classtype:trojan-activity;sid:84335838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.114.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472737/; classtype:trojan-activity;sid:84335837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.136.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472736/; classtype:trojan-activity;sid:84335836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.33.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472735/; classtype:trojan-activity;sid:84335835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472734/; classtype:trojan-activity;sid:84335834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.124.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472733/; classtype:trojan-activity;sid:84335833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.45.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472732/; classtype:trojan-activity;sid:84335832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.50.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472731/; classtype:trojan-activity;sid:84335831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.104.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472730/; classtype:trojan-activity;sid:84335830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.52.79"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472729/; classtype:trojan-activity;sid:84335829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.163.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472727/; classtype:trojan-activity;sid:84335827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.163.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472728/; classtype:trojan-activity;sid:84335828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.128.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472726/; classtype:trojan-activity;sid:84335826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.97.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472725/; classtype:trojan-activity;sid:84335825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472724)"; flow:established,from_client; content:"GET"; http_method; content:"/code.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bytes.microstorage.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472724/; classtype:trojan-activity;sid:84335824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.255.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472723/; classtype:trojan-activity;sid:84335823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.122.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472722/; classtype:trojan-activity;sid:84335822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.50.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472721/; classtype:trojan-activity;sid:84335821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472720)"; flow:established,from_client; content:"GET"; http_method; content:"/eula.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"adityahotel.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472720/; classtype:trojan-activity;sid:84335820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472719)"; flow:established,from_client; content:"GET"; http_method; content:"/client1.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.149.146.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472719/; classtype:trojan-activity;sid:84335819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472718)"; flow:established,from_client; content:"GET"; http_method; content:"/33.zip"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lakestreetsolar.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472718/; classtype:trojan-activity;sid:84335818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472717)"; flow:established,from_client; content:"GET"; http_method; content:"/update.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.neoarchiinc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472717/; classtype:trojan-activity;sid:84335817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472715)"; flow:established,from_client; content:"GET"; http_method; content:"/pcicapi.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"zaikacakes.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472715/; classtype:trojan-activity;sid:84335815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472716)"; flow:established,from_client; content:"GET"; http_method; content:"/comcat2.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"theneerbreak.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472716/; classtype:trojan-activity;sid:84335816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472714)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"poormet.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472714/; classtype:trojan-activity;sid:84335814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472707)"; flow:established,from_client; content:"GET"; http_method; content:"/folder.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fakenotesandclonedcards.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472707/; classtype:trojan-activity;sid:84335807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472708)"; flow:established,from_client; content:"GET"; http_method; content:"/euler.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"urethaneai.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472708/; classtype:trojan-activity;sid:84335808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472709)"; flow:established,from_client; content:"GET"; http_method; content:"/woot.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"terrenalia.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472709/; classtype:trojan-activity;sid:84335809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472710)"; flow:established,from_client; content:"GET"; http_method; content:"/euler.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"artplantsindia.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472710/; classtype:trojan-activity;sid:84335810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472711)"; flow:established,from_client; content:"GET"; http_method; content:"/work/222.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"parkerlabs.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472711/; classtype:trojan-activity;sid:84335811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472712)"; flow:established,from_client; content:"GET"; http_method; content:"/trust.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"terrenalia.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472712/; classtype:trojan-activity;sid:84335812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472713)"; flow:established,from_client; content:"GET"; http_method; content:"/333.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"verifiedtasks.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472713/; classtype:trojan-activity;sid:84335813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472704)"; flow:established,from_client; content:"GET"; http_method; content:"/33.zip"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"foxauthority.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472704/; classtype:trojan-activity;sid:84335804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472705)"; flow:established,from_client; content:"GET"; http_method; content:"/nskbfltr.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kusal.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472705/; classtype:trojan-activity;sid:84335805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472706)"; flow:established,from_client; content:"GET"; http_method; content:"/panmap.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"kusal.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472706/; classtype:trojan-activity;sid:84335806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.4.2.45"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472703/; classtype:trojan-activity;sid:84335803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.215.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472702/; classtype:trojan-activity;sid:84335802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472701)"; flow:established,from_client; content:"GET"; http_method; content:"/wiatrace.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"thetileboutique.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472701/; classtype:trojan-activity;sid:84335801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.117.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472700/; classtype:trojan-activity;sid:84335800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.124.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472699/; classtype:trojan-activity;sid:84335799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.163.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472698/; classtype:trojan-activity;sid:84335798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.231.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472697/; classtype:trojan-activity;sid:84335797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472696/; classtype:trojan-activity;sid:84335796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.212.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472695/; classtype:trojan-activity;sid:84335795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.4.2.45"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472694/; classtype:trojan-activity;sid:84335794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.72.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472693/; classtype:trojan-activity;sid:84335793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.122.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472691/; classtype:trojan-activity;sid:84335791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.70.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472692/; classtype:trojan-activity;sid:84335792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.124.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472690/; classtype:trojan-activity;sid:84335790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.212.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472689/; classtype:trojan-activity;sid:84335789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.215.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472688/; classtype:trojan-activity;sid:84335788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.51.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472687/; classtype:trojan-activity;sid:84335787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.233.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472686/; classtype:trojan-activity;sid:84335786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472682/; classtype:trojan-activity;sid:84335782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.185.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472683/; classtype:trojan-activity;sid:84335783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472684/; classtype:trojan-activity;sid:84335784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.125.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472685/; classtype:trojan-activity;sid:84335785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.148.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472681/; classtype:trojan-activity;sid:84335781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.66.165.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472679/; classtype:trojan-activity;sid:84335779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.109.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472680/; classtype:trojan-activity;sid:84335780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472678/; classtype:trojan-activity;sid:84335778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.237.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472677/; classtype:trojan-activity;sid:84335777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.72.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472676/; classtype:trojan-activity;sid:84335776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472675)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472675/; classtype:trojan-activity;sid:84335775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.52.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472674/; classtype:trojan-activity;sid:84335774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.237.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472673/; classtype:trojan-activity;sid:84335773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.220.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472672/; classtype:trojan-activity;sid:84335772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.70.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472671/; classtype:trojan-activity;sid:84335771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.51.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472670/; classtype:trojan-activity;sid:84335770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.102.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472669/; classtype:trojan-activity;sid:84335769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.86.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472667/; classtype:trojan-activity;sid:84335767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.75.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472668/; classtype:trojan-activity;sid:84335768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.163.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472666/; classtype:trojan-activity;sid:84335766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.51.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472665/; classtype:trojan-activity;sid:84335765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.253.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472663/; classtype:trojan-activity;sid:84335763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.110.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472664/; classtype:trojan-activity;sid:84335764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.233.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472662/; classtype:trojan-activity;sid:84335762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.227.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472661/; classtype:trojan-activity;sid:84335761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.220.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472660/; classtype:trojan-activity;sid:84335760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.180.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472659/; classtype:trojan-activity;sid:84335759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.231.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472658/; classtype:trojan-activity;sid:84335758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.75.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472657/; classtype:trojan-activity;sid:84335757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.10.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472656/; classtype:trojan-activity;sid:84335756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472655/; classtype:trojan-activity;sid:84335755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.110.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472654/; classtype:trojan-activity;sid:84335754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.102.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472653/; classtype:trojan-activity;sid:84335753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.86.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472652/; classtype:trojan-activity;sid:84335752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.15.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472651/; classtype:trojan-activity;sid:84335751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.180.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472650/; classtype:trojan-activity;sid:84335750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.30.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472649/; classtype:trojan-activity;sid:84335749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.105.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472648/; classtype:trojan-activity;sid:84335748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.0.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472647/; classtype:trojan-activity;sid:84335747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.249.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472646/; classtype:trojan-activity;sid:84335746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.2.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472645/; classtype:trojan-activity;sid:84335745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.105.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472644/; classtype:trojan-activity;sid:84335744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.253.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472643/; classtype:trojan-activity;sid:84335743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.182.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472642/; classtype:trojan-activity;sid:84335742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.21.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472641/; classtype:trojan-activity;sid:84335741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.70.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472640/; classtype:trojan-activity;sid:84335740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.175.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472639/; classtype:trojan-activity;sid:84335739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.107.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472638/; classtype:trojan-activity;sid:84335738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.74.225.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472637/; classtype:trojan-activity;sid:84335737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.49.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472636/; classtype:trojan-activity;sid:84335736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.0.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472635/; classtype:trojan-activity;sid:84335735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.105.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472634/; classtype:trojan-activity;sid:84335734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.175.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472632/; classtype:trojan-activity;sid:84335732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.14.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472633/; classtype:trojan-activity;sid:84335733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.141.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472630/; classtype:trojan-activity;sid:84335730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.0.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472631/; classtype:trojan-activity;sid:84335731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.70.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472629/; classtype:trojan-activity;sid:84335729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.89.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472628/; classtype:trojan-activity;sid:84335728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.164.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472627/; classtype:trojan-activity;sid:84335727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472626/; classtype:trojan-activity;sid:84335726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.141.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472625/; classtype:trojan-activity;sid:84335725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472623/; classtype:trojan-activity;sid:84335723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.24.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472624/; classtype:trojan-activity;sid:84335724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472622/; classtype:trojan-activity;sid:84335722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.27.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472621/; classtype:trojan-activity;sid:84335721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.49.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472620/; classtype:trojan-activity;sid:84335720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.74.225.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472619/; classtype:trojan-activity;sid:84335719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472618)"; flow:established,from_client; content:"GET"; http_method; content:"/miner/xmrig"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.253.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472618/; classtype:trojan-activity;sid:84335718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.107.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472617/; classtype:trojan-activity;sid:84335717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.14.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472616/; classtype:trojan-activity;sid:84335716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472615/; classtype:trojan-activity;sid:84335715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.39.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472614/; classtype:trojan-activity;sid:84335714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.164.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472613/; classtype:trojan-activity;sid:84335713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.50.34.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472612/; classtype:trojan-activity;sid:84335712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.20.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472610/; classtype:trojan-activity;sid:84335710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472611/; classtype:trojan-activity;sid:84335711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472609/; classtype:trojan-activity;sid:84335709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.31.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472608/; classtype:trojan-activity;sid:84335708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.112.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472607/; classtype:trojan-activity;sid:84335707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.20.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472606/; classtype:trojan-activity;sid:84335706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.157.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472605/; classtype:trojan-activity;sid:84335705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.205.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472604/; classtype:trojan-activity;sid:84335704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.31.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472603/; classtype:trojan-activity;sid:84335703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.101.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472602/; classtype:trojan-activity;sid:84335702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.176.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472601/; classtype:trojan-activity;sid:84335701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.95.20.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472600/; classtype:trojan-activity;sid:84335700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.27.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472599/; classtype:trojan-activity;sid:84335699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.104.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472598/; classtype:trojan-activity;sid:84335698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.249.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472597/; classtype:trojan-activity;sid:84335697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.147.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472596/; classtype:trojan-activity;sid:84335696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.176.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472595/; classtype:trojan-activity;sid:84335695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.166.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472594/; classtype:trojan-activity;sid:84335694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.15.10.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472590/; classtype:trojan-activity;sid:84335690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.175.181.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472591/; classtype:trojan-activity;sid:84335691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.179.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472592/; classtype:trojan-activity;sid:84335692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.141.35.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472593/; classtype:trojan-activity;sid:84335693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.134.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472588/; classtype:trojan-activity;sid:84335688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.137.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472589/; classtype:trojan-activity;sid:84335689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472587/; classtype:trojan-activity;sid:84335687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.207.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472585/; classtype:trojan-activity;sid:84335685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.251.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472586/; classtype:trojan-activity;sid:84335686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.205.91.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472584/; classtype:trojan-activity;sid:84335684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472583/; classtype:trojan-activity;sid:84335683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.205.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472582/; classtype:trojan-activity;sid:84335682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.64.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472581/; classtype:trojan-activity;sid:84335681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.157.253.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472580/; classtype:trojan-activity;sid:84335680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.105.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472579/; classtype:trojan-activity;sid:84335679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.94.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472578/; classtype:trojan-activity;sid:84335678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.233.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472577/; classtype:trojan-activity;sid:84335677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.95.20.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472576/; classtype:trojan-activity;sid:84335676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472575/; classtype:trojan-activity;sid:84335675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.117.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472574/; classtype:trojan-activity;sid:84335674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472573/; classtype:trojan-activity;sid:84335673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.181.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472572/; classtype:trojan-activity;sid:84335672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.65.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472571/; classtype:trojan-activity;sid:84335671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472570/; classtype:trojan-activity;sid:84335670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.105.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472569/; classtype:trojan-activity;sid:84335669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.254.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472568/; classtype:trojan-activity;sid:84335668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.157.253.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472567/; classtype:trojan-activity;sid:84335667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.91.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472566/; classtype:trojan-activity;sid:84335666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.94.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472565/; classtype:trojan-activity;sid:84335665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.1.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472564/; classtype:trojan-activity;sid:84335664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472563/; classtype:trojan-activity;sid:84335663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.83.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472562/; classtype:trojan-activity;sid:84335662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.42.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472561/; classtype:trojan-activity;sid:84335661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.149.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472560/; classtype:trojan-activity;sid:84335660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472559)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_unwed.mp3"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"u1.overuseunderuse.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472559/; classtype:trojan-activity;sid:84335659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.6.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472558/; classtype:trojan-activity;sid:84335658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.210.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472557/; classtype:trojan-activity;sid:84335657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472556/; classtype:trojan-activity;sid:84335656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.155.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472555/; classtype:trojan-activity;sid:84335655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.40.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472554/; classtype:trojan-activity;sid:84335654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.191.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472553/; classtype:trojan-activity;sid:84335653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472552/; classtype:trojan-activity;sid:84335652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.65.65.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472551/; classtype:trojan-activity;sid:84335651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.193.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472550/; classtype:trojan-activity;sid:84335650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.24.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472549/; classtype:trojan-activity;sid:84335649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.11.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472548/; classtype:trojan-activity;sid:84335648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.42.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472547/; classtype:trojan-activity;sid:84335647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.93.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472546/; classtype:trojan-activity;sid:84335646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.14.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472545/; classtype:trojan-activity;sid:84335645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.180.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472544/; classtype:trojan-activity;sid:84335644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.21.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472543/; classtype:trojan-activity;sid:84335643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.149.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472542/; classtype:trojan-activity;sid:84335642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.51.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472541/; classtype:trojan-activity;sid:84335641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472540/; classtype:trojan-activity;sid:84335640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.40.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472539/; classtype:trojan-activity;sid:84335639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.112.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472538/; classtype:trojan-activity;sid:84335638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.191.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472536/; classtype:trojan-activity;sid:84335636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.36.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472537/; classtype:trojan-activity;sid:84335637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.11.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472535/; classtype:trojan-activity;sid:84335635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.93.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472534/; classtype:trojan-activity;sid:84335634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.232.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472532/; classtype:trojan-activity;sid:84335632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.60.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472533/; classtype:trojan-activity;sid:84335633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.251.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472531/; classtype:trojan-activity;sid:84335631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.48.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472530/; classtype:trojan-activity;sid:84335630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472529/; classtype:trojan-activity;sid:84335629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.51.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472527/; classtype:trojan-activity;sid:84335627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.180.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472528/; classtype:trojan-activity;sid:84335628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.137.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472526/; classtype:trojan-activity;sid:84335626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.217.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472525/; classtype:trojan-activity;sid:84335625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.111.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472524/; classtype:trojan-activity;sid:84335624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.103.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472523/; classtype:trojan-activity;sid:84335623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.91.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472522/; classtype:trojan-activity;sid:84335622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472521)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.222.193.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472521/; classtype:trojan-activity;sid:84335621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.112.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472520/; classtype:trojan-activity;sid:84335620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472519)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_trespass.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.overuseunderuse.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472519/; classtype:trojan-activity;sid:84335619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472518/; classtype:trojan-activity;sid:84335618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472517/; classtype:trojan-activity;sid:84335617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.232.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472516/; classtype:trojan-activity;sid:84335616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.39.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472515/; classtype:trojan-activity;sid:84335615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.166.28.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472514/; classtype:trojan-activity;sid:84335614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.91.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472512/; classtype:trojan-activity;sid:84335612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.60.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472513/; classtype:trojan-activity;sid:84335613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.122.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472511/; classtype:trojan-activity;sid:84335611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.198.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472510/; classtype:trojan-activity;sid:84335610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.217.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472508/; classtype:trojan-activity;sid:84335608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.8.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472509/; classtype:trojan-activity;sid:84335609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.2.43.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472506/; classtype:trojan-activity;sid:84335606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472507/; classtype:trojan-activity;sid:84335607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.137.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472505/; classtype:trojan-activity;sid:84335605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.53.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472504/; classtype:trojan-activity;sid:84335604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472503/; classtype:trojan-activity;sid:84335603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.39.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472502/; classtype:trojan-activity;sid:84335602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472501/; classtype:trojan-activity;sid:84335601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.53.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472500/; classtype:trojan-activity;sid:84335600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.140.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472499/; classtype:trojan-activity;sid:84335599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.113.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472498/; classtype:trojan-activity;sid:84335598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472497/; classtype:trojan-activity;sid:84335597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.12.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472496/; classtype:trojan-activity;sid:84335596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472495/; classtype:trojan-activity;sid:84335595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.2.43.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472494/; classtype:trojan-activity;sid:84335594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.198.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472493/; classtype:trojan-activity;sid:84335593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472492/; classtype:trojan-activity;sid:84335592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.91.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472491/; classtype:trojan-activity;sid:84335591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.139.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472490/; classtype:trojan-activity;sid:84335590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472489/; classtype:trojan-activity;sid:84335589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.223.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472488/; classtype:trojan-activity;sid:84335588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.224.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472486/; classtype:trojan-activity;sid:84335586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.83.96.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472487/; classtype:trojan-activity;sid:84335587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.160.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472485/; classtype:trojan-activity;sid:84335585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.38.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472482/; classtype:trojan-activity;sid:84335582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.64.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472483/; classtype:trojan-activity;sid:84335583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472484/; classtype:trojan-activity;sid:84335584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.41.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472481/; classtype:trojan-activity;sid:84335581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.216.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472478/; classtype:trojan-activity;sid:84335578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.48.66.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472479/; classtype:trojan-activity;sid:84335579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.33.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472480/; classtype:trojan-activity;sid:84335580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472477/; classtype:trojan-activity;sid:84335577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.39.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472476/; classtype:trojan-activity;sid:84335576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.176.223.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472475/; classtype:trojan-activity;sid:84335575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.107.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472474/; classtype:trojan-activity;sid:84335574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.139.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472473/; classtype:trojan-activity;sid:84335573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.224.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472472/; classtype:trojan-activity;sid:84335572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.83.96.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472471/; classtype:trojan-activity;sid:84335571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.120.230.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472470/; classtype:trojan-activity;sid:84335570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.223.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472469/; classtype:trojan-activity;sid:84335569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.95.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472467/; classtype:trojan-activity;sid:84335567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.156.212.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472468/; classtype:trojan-activity;sid:84335568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.188.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472465/; classtype:trojan-activity;sid:84335565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.180.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472466/; classtype:trojan-activity;sid:84335566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.182.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472464/; classtype:trojan-activity;sid:84335564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.166.28.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472463/; classtype:trojan-activity;sid:84335563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.6.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472462/; classtype:trojan-activity;sid:84335562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.123.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472461/; classtype:trojan-activity;sid:84335561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.17.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472460/; classtype:trojan-activity;sid:84335560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.95.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472459/; classtype:trojan-activity;sid:84335559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.107.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472458/; classtype:trojan-activity;sid:84335558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.156.212.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472457/; classtype:trojan-activity;sid:84335557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.181.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472456/; classtype:trojan-activity;sid:84335556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.188.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472455/; classtype:trojan-activity;sid:84335555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.92.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472454/; classtype:trojan-activity;sid:84335554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.180.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472453/; classtype:trojan-activity;sid:84335553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472452)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_shrug.mp3"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"u1.overuseunderuse.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472452/; classtype:trojan-activity;sid:84335552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.12.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472451/; classtype:trojan-activity;sid:84335551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.183.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472449/; classtype:trojan-activity;sid:84335549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.10.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472450/; classtype:trojan-activity;sid:84335550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.73.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472448/; classtype:trojan-activity;sid:84335548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.1.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472447/; classtype:trojan-activity;sid:84335547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.183.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472445/; classtype:trojan-activity;sid:84335545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.150.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472446/; classtype:trojan-activity;sid:84335546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.80.0.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472444/; classtype:trojan-activity;sid:84335544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.47.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472442/; classtype:trojan-activity;sid:84335542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.55.177.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472443/; classtype:trojan-activity;sid:84335543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.23.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472440/; classtype:trojan-activity;sid:84335540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472441/; classtype:trojan-activity;sid:84335541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.70.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472437/; classtype:trojan-activity;sid:84335537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.104.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472438/; classtype:trojan-activity;sid:84335538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.123.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472439/; classtype:trojan-activity;sid:84335539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.40.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472434/; classtype:trojan-activity;sid:84335534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.122.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472435/; classtype:trojan-activity;sid:84335535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.182.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472436/; classtype:trojan-activity;sid:84335536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.251.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472433/; classtype:trojan-activity;sid:84335533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.19.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472432/; classtype:trojan-activity;sid:84335532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.6.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472431/; classtype:trojan-activity;sid:84335531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472430)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.gefeq.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472430/; classtype:trojan-activity;sid:84335530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.88.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472429/; classtype:trojan-activity;sid:84335529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.239.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472428/; classtype:trojan-activity;sid:84335528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.200.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472427/; classtype:trojan-activity;sid:84335527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.239.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472426/; classtype:trojan-activity;sid:84335526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472425)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_recent.mp3"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"u1.overuseunderuse.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472425/; classtype:trojan-activity;sid:84335525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472424/; classtype:trojan-activity;sid:84335524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472423/; classtype:trojan-activity;sid:84335523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472422/; classtype:trojan-activity;sid:84335522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.239.105.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472421/; classtype:trojan-activity;sid:84335521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.105.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472420/; classtype:trojan-activity;sid:84335520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472419)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"13.57.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472419/; classtype:trojan-activity;sid:84335519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472418)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"54.198.165.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472418/; classtype:trojan-activity;sid:84335518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472417)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_nanny.mp3"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"u1.overuseunderuse.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472417/; classtype:trojan-activity;sid:84335517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.89.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472416/; classtype:trojan-activity;sid:84335516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.104.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472415/; classtype:trojan-activity;sid:84335515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.75.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472413/; classtype:trojan-activity;sid:84335513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.201.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472414/; classtype:trojan-activity;sid:84335514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.122.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472412/; classtype:trojan-activity;sid:84335512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.235.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472411/; classtype:trojan-activity;sid:84335511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.9.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472410/; classtype:trojan-activity;sid:84335510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.9.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472409/; classtype:trojan-activity;sid:84335509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472408)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_large.mp3"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"u1.overuseunderuse.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472408/; classtype:trojan-activity;sid:84335508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472407/; classtype:trojan-activity;sid:84335507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.160.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472406/; classtype:trojan-activity;sid:84335506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.160.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472405/; classtype:trojan-activity;sid:84335505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.38.222.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472404/; classtype:trojan-activity;sid:84335504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.51.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472403/; classtype:trojan-activity;sid:84335503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.191.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472402/; classtype:trojan-activity;sid:84335502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472401/; classtype:trojan-activity;sid:84335501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.178.44.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472400/; classtype:trojan-activity;sid:84335500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472399)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_judicial.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.overuseunderuse.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472399/; classtype:trojan-activity;sid:84335499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472398)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.jorah.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472398/; classtype:trojan-activity;sid:84335498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472397)"; flow:established,from_client; content:"GET"; http_method; content:"/straightahead.mp3"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jekin.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472397/; classtype:trojan-activity;sid:84335497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472396)"; flow:established,from_client; content:"GET"; http_method; content:"/freshbodyshop.mp3"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"perent4.ganderbrisklyonly.shop"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472396/; classtype:trojan-activity;sid:84335496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472395)"; flow:established,from_client; content:"GET"; http_method; content:"/server"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.174.11.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472395/; classtype:trojan-activity;sid:84335495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472394)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.167.34.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472394/; classtype:trojan-activity;sid:84335494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472393)"; flow:established,from_client; content:"GET"; http_method; content:"/server"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"143.92.48.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472393/; classtype:trojan-activity;sid:84335493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472392)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.84.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472392/; classtype:trojan-activity;sid:84335492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472391)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"193.143.1.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472391/; classtype:trojan-activity;sid:84335491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.255.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472390/; classtype:trojan-activity;sid:84335490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.43.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472389/; classtype:trojan-activity;sid:84335489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.55.177.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472388/; classtype:trojan-activity;sid:84335488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.44.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472387/; classtype:trojan-activity;sid:84335487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472386)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_proton.mp3"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"u1.drizzleraving.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472386/; classtype:trojan-activity;sid:84335486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.39.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472385/; classtype:trojan-activity;sid:84335485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472384)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.221.15.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472384/; classtype:trojan-activity;sid:84335484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.175.181.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472379/; classtype:trojan-activity;sid:84335479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.10.14"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472380/; classtype:trojan-activity;sid:84335480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.170.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472381/; classtype:trojan-activity;sid:84335481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.64.145.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472382/; classtype:trojan-activity;sid:84335482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.240.211.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472383/; classtype:trojan-activity;sid:84335483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472378/; classtype:trojan-activity;sid:84335478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.36.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472376/; classtype:trojan-activity;sid:84335476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472377/; classtype:trojan-activity;sid:84335477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472375/; classtype:trojan-activity;sid:84335475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.213.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472374/; classtype:trojan-activity;sid:84335474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472373)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.234.200.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472373/; classtype:trojan-activity;sid:84335473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.108.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472372/; classtype:trojan-activity;sid:84335472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.253.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472371/; classtype:trojan-activity;sid:84335471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.45.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472370/; classtype:trojan-activity;sid:84335470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.50.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472369/; classtype:trojan-activity;sid:84335469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.95.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472368/; classtype:trojan-activity;sid:84335468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.108.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472367/; classtype:trojan-activity;sid:84335467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.35.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472366/; classtype:trojan-activity;sid:84335466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.79.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472364/; classtype:trojan-activity;sid:84335464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.241.146.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472365/; classtype:trojan-activity;sid:84335465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.23.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472363/; classtype:trojan-activity;sid:84335463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472362)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.givus.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472362/; classtype:trojan-activity;sid:84335462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.79.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472361/; classtype:trojan-activity;sid:84335461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.47.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472360/; classtype:trojan-activity;sid:84335460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472359)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472359/; classtype:trojan-activity;sid:84335459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472344)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472344/; classtype:trojan-activity;sid:84335444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472345)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472345/; classtype:trojan-activity;sid:84335445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472346)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472346/; classtype:trojan-activity;sid:84335446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472347)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472347/; classtype:trojan-activity;sid:84335447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472348)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472348/; classtype:trojan-activity;sid:84335448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472349)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472349/; classtype:trojan-activity;sid:84335449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472350)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472350/; classtype:trojan-activity;sid:84335450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472351)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472351/; classtype:trojan-activity;sid:84335451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472352)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472352/; classtype:trojan-activity;sid:84335452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472353)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472353/; classtype:trojan-activity;sid:84335453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472354)"; flow:established,from_client; content:"GET"; http_method; content:"/main_spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472354/; classtype:trojan-activity;sid:84335454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472355)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main_i468"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472355/; classtype:trojan-activity;sid:84335455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472356)"; flow:established,from_client; content:"GET"; http_method; content:"/main_i468"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472356/; classtype:trojan-activity;sid:84335456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472357)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main_mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472357/; classtype:trojan-activity;sid:84335457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472358)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472358/; classtype:trojan-activity;sid:84335458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472342)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main_arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472342/; classtype:trojan-activity;sid:84335442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472343)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main_arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472343/; classtype:trojan-activity;sid:84335443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472327)"; flow:established,from_client; content:"GET"; http_method; content:"/main_i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472327/; classtype:trojan-activity;sid:84335427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472328)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main_x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472328/; classtype:trojan-activity;sid:84335428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472329)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main_arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472329/; classtype:trojan-activity;sid:84335429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472330)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main_spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472330/; classtype:trojan-activity;sid:84335430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472331)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main_sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472331/; classtype:trojan-activity;sid:84335431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472332)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472332/; classtype:trojan-activity;sid:84335432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472333)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main_ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472333/; classtype:trojan-activity;sid:84335433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472334)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main_x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472334/; classtype:trojan-activity;sid:84335434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472335)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main_arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472335/; classtype:trojan-activity;sid:84335435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472336)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/arm4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472336/; classtype:trojan-activity;sid:84335436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472337)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main_i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472337/; classtype:trojan-activity;sid:84335437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472338)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main_mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472338/; classtype:trojan-activity;sid:84335438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472339)"; flow:established,from_client; content:"GET"; http_method; content:"/earyzq"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.200.78.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472339/; classtype:trojan-activity;sid:84335439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472340)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main_arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472340/; classtype:trojan-activity;sid:84335440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472341)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/main_m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472341/; classtype:trojan-activity;sid:84335441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472315)"; flow:established,from_client; content:"GET"; http_method; content:"/vtyhat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.200.78.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472315/; classtype:trojan-activity;sid:84335415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472316)"; flow:established,from_client; content:"GET"; http_method; content:"/qtmzbn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.200.78.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472316/; classtype:trojan-activity;sid:84335416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472317)"; flow:established,from_client; content:"GET"; http_method; content:"/adcvds"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.200.78.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472317/; classtype:trojan-activity;sid:84335417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472318)"; flow:established,from_client; content:"GET"; http_method; content:"/atxhua"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.200.78.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472318/; classtype:trojan-activity;sid:84335418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472319)"; flow:established,from_client; content:"GET"; http_method; content:"/cemtop"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.200.78.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472319/; classtype:trojan-activity;sid:84335419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472320)"; flow:established,from_client; content:"GET"; http_method; content:"/ajoomk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.200.78.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472320/; classtype:trojan-activity;sid:84335420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472321)"; flow:established,from_client; content:"GET"; http_method; content:"/vvglma"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.200.78.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472321/; classtype:trojan-activity;sid:84335421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472322)"; flow:established,from_client; content:"GET"; http_method; content:"/fwdfvf"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.200.78.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472322/; classtype:trojan-activity;sid:84335422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472323)"; flow:established,from_client; content:"GET"; http_method; content:"/lnkfmx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.200.78.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472323/; classtype:trojan-activity;sid:84335423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472324)"; flow:established,from_client; content:"GET"; http_method; content:"/nvitpj"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.200.78.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472324/; classtype:trojan-activity;sid:84335424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472325)"; flow:established,from_client; content:"GET"; http_method; content:"/qvmxvl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.200.78.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472325/; classtype:trojan-activity;sid:84335425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472326)"; flow:established,from_client; content:"GET"; http_method; content:"/razdzn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.200.78.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472326/; classtype:trojan-activity;sid:84335426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.103.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472314/; classtype:trojan-activity;sid:84335414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.241.146.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472313/; classtype:trojan-activity;sid:84335413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.78.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472312/; classtype:trojan-activity;sid:84335412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472311)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/746236999756677280/1348316335238549524/lost_in_winter.exe|3f|ex=67cf04f0|7c|26|7c|is=67cdb370|7c|26|7c|hm=006721d83430ac10083b54e5bd3160a4410562658f800058e3b7f024728c91ea|7c|26|7c|"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472311/; classtype:trojan-activity;sid:84335411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.141.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472310/; classtype:trojan-activity;sid:84335410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.83.17.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472309/; classtype:trojan-activity;sid:84335409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.33.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472308/; classtype:trojan-activity;sid:84335408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.47.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472307/; classtype:trojan-activity;sid:84335407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.209.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472306/; classtype:trojan-activity;sid:84335406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472305/; classtype:trojan-activity;sid:84335405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472304/; classtype:trojan-activity;sid:84335404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.135.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472303/; classtype:trojan-activity;sid:84335403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.195.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472302/; classtype:trojan-activity;sid:84335402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.83.17.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472301/; classtype:trojan-activity;sid:84335401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.184.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472300/; classtype:trojan-activity;sid:84335400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472299/; classtype:trojan-activity;sid:84335399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.38.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472298/; classtype:trojan-activity;sid:84335398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.218.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472297/; classtype:trojan-activity;sid:84335397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472296)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_elves.mp3"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"u1.drizzleraving.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472296/; classtype:trojan-activity;sid:84335396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472295/; classtype:trojan-activity;sid:84335395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.209.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472294/; classtype:trojan-activity;sid:84335394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.195.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472293/; classtype:trojan-activity;sid:84335393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.184.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472292/; classtype:trojan-activity;sid:84335392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.103.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472291/; classtype:trojan-activity;sid:84335391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.123.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472290/; classtype:trojan-activity;sid:84335390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"193.143.1.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472289/; classtype:trojan-activity;sid:84335389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.164.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472288/; classtype:trojan-activity;sid:84335388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.126.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472287/; classtype:trojan-activity;sid:84335387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.41.36.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472286/; classtype:trojan-activity;sid:84335386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472285)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.wohur.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472285/; classtype:trojan-activity;sid:84335385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.218.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472284/; classtype:trojan-activity;sid:84335384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.89.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472283/; classtype:trojan-activity;sid:84335383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.36.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472282/; classtype:trojan-activity;sid:84335382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472281/; classtype:trojan-activity;sid:84335381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472280)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"154.83.95.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472280/; classtype:trojan-activity;sid:84335380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472279)"; flow:established,from_client; content:"GET"; http_method; content:"/server"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.159.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472279/; classtype:trojan-activity;sid:84335379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472278)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.tunep.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472278/; classtype:trojan-activity;sid:84335378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.97.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472277/; classtype:trojan-activity;sid:84335377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.18.170.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472276/; classtype:trojan-activity;sid:84335376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.190.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472275/; classtype:trojan-activity;sid:84335375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.200.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472274/; classtype:trojan-activity;sid:84335374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.40.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472273/; classtype:trojan-activity;sid:84335373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.104.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472272/; classtype:trojan-activity;sid:84335372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472271)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_cosmos.mp3"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"u1.drizzleraving.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472271/; classtype:trojan-activity;sid:84335371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.94.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472270/; classtype:trojan-activity;sid:84335370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472269)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472269/; classtype:trojan-activity;sid:84335369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472268/; classtype:trojan-activity;sid:84335368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.137.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472266/; classtype:trojan-activity;sid:84335366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.87.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472267/; classtype:trojan-activity;sid:84335367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.5.14"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472265/; classtype:trojan-activity;sid:84335365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.149.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472264/; classtype:trojan-activity;sid:84335364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.74.120.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472263/; classtype:trojan-activity;sid:84335363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.39.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472262/; classtype:trojan-activity;sid:84335362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.200.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472261/; classtype:trojan-activity;sid:84335361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.47.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472260/; classtype:trojan-activity;sid:84335360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.9.108"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472259/; classtype:trojan-activity;sid:84335359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.234.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472258/; classtype:trojan-activity;sid:84335358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.12.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472257/; classtype:trojan-activity;sid:84335357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.104.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472256/; classtype:trojan-activity;sid:84335356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.105.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472255/; classtype:trojan-activity;sid:84335355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.47.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472254/; classtype:trojan-activity;sid:84335354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.95.212.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472253/; classtype:trojan-activity;sid:84335353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.12.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472252/; classtype:trojan-activity;sid:84335352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.180.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472251/; classtype:trojan-activity;sid:84335351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.149.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472250/; classtype:trojan-activity;sid:84335350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.27.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472249/; classtype:trojan-activity;sid:84335349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.84.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472248/; classtype:trojan-activity;sid:84335348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.105.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472247/; classtype:trojan-activity;sid:84335347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.219.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472246/; classtype:trojan-activity;sid:84335346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.148.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472245/; classtype:trojan-activity;sid:84335345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.25.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472244/; classtype:trojan-activity;sid:84335344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.158.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472243/; classtype:trojan-activity;sid:84335343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.9.108"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472242/; classtype:trojan-activity;sid:84335342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.95.212.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472241/; classtype:trojan-activity;sid:84335341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472240)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_carwash.mp3"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"u1.drizzleraving.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472240/; classtype:trojan-activity;sid:84335340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472239)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.xuceb.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472239/; classtype:trojan-activity;sid:84335339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.113.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472238/; classtype:trojan-activity;sid:84335338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472237)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.kacoz.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472237/; classtype:trojan-activity;sid:84335337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.25.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472236/; classtype:trojan-activity;sid:84335336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.53.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472235/; classtype:trojan-activity;sid:84335335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.25.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472234/; classtype:trojan-activity;sid:84335334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.195.7.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472233/; classtype:trojan-activity;sid:84335333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.113.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472232/; classtype:trojan-activity;sid:84335332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.195.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472231/; classtype:trojan-activity;sid:84335331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.234.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472230/; classtype:trojan-activity;sid:84335330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.0.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472229/; classtype:trojan-activity;sid:84335329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472228)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6860984455/hhpgdsi.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472228/; classtype:trojan-activity;sid:84335328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472227)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5666444957/vkdwchj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472227/; classtype:trojan-activity;sid:84335327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472226)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6386900832/pfohmro.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472226/; classtype:trojan-activity;sid:84335326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.195.7.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472225/; classtype:trojan-activity;sid:84335325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.153.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472224/; classtype:trojan-activity;sid:84335324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.53.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472223/; classtype:trojan-activity;sid:84335323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472222/; classtype:trojan-activity;sid:84335322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.25.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472221/; classtype:trojan-activity;sid:84335321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.1.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472220/; classtype:trojan-activity;sid:84335320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.93.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472219/; classtype:trojan-activity;sid:84335319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.201.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472218/; classtype:trojan-activity;sid:84335318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.97.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472217/; classtype:trojan-activity;sid:84335317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.234.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472216/; classtype:trojan-activity;sid:84335316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.195.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472215/; classtype:trojan-activity;sid:84335315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472214)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_trespass.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.drizzleraving.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472214/; classtype:trojan-activity;sid:84335314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.253.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472213/; classtype:trojan-activity;sid:84335313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.166.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472212/; classtype:trojan-activity;sid:84335312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.66.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472211/; classtype:trojan-activity;sid:84335311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.116.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472210/; classtype:trojan-activity;sid:84335310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.1.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472209/; classtype:trojan-activity;sid:84335309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472208)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.cicyb.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472208/; classtype:trojan-activity;sid:84335308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.116.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472207/; classtype:trojan-activity;sid:84335307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472206)"; flow:established,from_client; content:"GET"; http_method; content:"/fantazy/fantazy.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.67.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472206/; classtype:trojan-activity;sid:84335306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.124.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472205/; classtype:trojan-activity;sid:84335305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472204)"; flow:established,from_client; content:"GET"; http_method; content:"/fantazy.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"196.251.67.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472204/; classtype:trojan-activity;sid:84335304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.151.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472203/; classtype:trojan-activity;sid:84335303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.72.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472202/; classtype:trojan-activity;sid:84335302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.170.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472201/; classtype:trojan-activity;sid:84335301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.114.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472200/; classtype:trojan-activity;sid:84335300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.114.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472199/; classtype:trojan-activity;sid:84335299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.201.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472198/; classtype:trojan-activity;sid:84335298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.130.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472197/; classtype:trojan-activity;sid:84335297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.219.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472196/; classtype:trojan-activity;sid:84335296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.209.216.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472195/; classtype:trojan-activity;sid:84335295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.209.216.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472194/; classtype:trojan-activity;sid:84335294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472193)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.jipuh.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472193/; classtype:trojan-activity;sid:84335293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.64.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472192/; classtype:trojan-activity;sid:84335292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.6.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472191/; classtype:trojan-activity;sid:84335291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.38.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472190/; classtype:trojan-activity;sid:84335290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.130.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472189/; classtype:trojan-activity;sid:84335289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.170.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472188/; classtype:trojan-activity;sid:84335288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472187)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.kynoc.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472187/; classtype:trojan-activity;sid:84335287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.205.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472186/; classtype:trojan-activity;sid:84335286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.61.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472185/; classtype:trojan-activity;sid:84335285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.141.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472184/; classtype:trojan-activity;sid:84335284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472183)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_bulginess.mp3"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"u1.drizzleraving.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472183/; classtype:trojan-activity;sid:84335283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.34.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472182/; classtype:trojan-activity;sid:84335282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.105.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472181/; classtype:trojan-activity;sid:84335281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472180/; classtype:trojan-activity;sid:84335280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.61.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472179/; classtype:trojan-activity;sid:84335279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472178/; classtype:trojan-activity;sid:84335278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.193.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472177/; classtype:trojan-activity;sid:84335277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.23.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472176/; classtype:trojan-activity;sid:84335276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.30.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472175/; classtype:trojan-activity;sid:84335275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.34.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472174/; classtype:trojan-activity;sid:84335274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.2.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472173/; classtype:trojan-activity;sid:84335273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.148.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472172/; classtype:trojan-activity;sid:84335272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.160.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472171/; classtype:trojan-activity;sid:84335271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472170/; classtype:trojan-activity;sid:84335270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.23.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472169/; classtype:trojan-activity;sid:84335269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.75.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472168/; classtype:trojan-activity;sid:84335268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.159.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472167/; classtype:trojan-activity;sid:84335267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.30.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472166/; classtype:trojan-activity;sid:84335266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.193.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472165/; classtype:trojan-activity;sid:84335265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.221.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472164/; classtype:trojan-activity;sid:84335264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.135.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472163/; classtype:trojan-activity;sid:84335263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.167.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472162/; classtype:trojan-activity;sid:84335262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.129.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472161/; classtype:trojan-activity;sid:84335261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472160)"; flow:established,from_client; content:"GET"; http_method; content:"/apep.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472160/; classtype:trojan-activity;sid:84335260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472159)"; flow:established,from_client; content:"GET"; http_method; content:"/lx/apep.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472159/; classtype:trojan-activity;sid:84335259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472146)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472146/; classtype:trojan-activity;sid:84335246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472147)"; flow:established,from_client; content:"GET"; http_method; content:"/apep.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472147/; classtype:trojan-activity;sid:84335247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472148)"; flow:established,from_client; content:"GET"; http_method; content:"/lx/apep.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472148/; classtype:trojan-activity;sid:84335248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472149)"; flow:established,from_client; content:"GET"; http_method; content:"/apep.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472149/; classtype:trojan-activity;sid:84335249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472150)"; flow:established,from_client; content:"GET"; http_method; content:"/lx/x"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472150/; classtype:trojan-activity;sid:84335250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472151)"; flow:established,from_client; content:"GET"; http_method; content:"/lx/zyxel"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472151/; classtype:trojan-activity;sid:84335251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472152)"; flow:established,from_client; content:"GET"; http_method; content:"/lx/apep.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472152/; classtype:trojan-activity;sid:84335252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472153)"; flow:established,from_client; content:"GET"; http_method; content:"/lx/apep.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472153/; classtype:trojan-activity;sid:84335253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472154)"; flow:established,from_client; content:"GET"; http_method; content:"/lx/apep.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472154/; classtype:trojan-activity;sid:84335254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472155)"; flow:established,from_client; content:"GET"; http_method; content:"/apep.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472155/; classtype:trojan-activity;sid:84335255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472156)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472156/; classtype:trojan-activity;sid:84335256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472157)"; flow:established,from_client; content:"GET"; http_method; content:"/apep.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472157/; classtype:trojan-activity;sid:84335257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472158)"; flow:established,from_client; content:"GET"; http_method; content:"/lx/apep.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472158/; classtype:trojan-activity;sid:84335258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472129)"; flow:established,from_client; content:"GET"; http_method; content:"/apep.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472129/; classtype:trojan-activity;sid:84335229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472130)"; flow:established,from_client; content:"GET"; http_method; content:"/apep.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472130/; classtype:trojan-activity;sid:84335230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472131)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472131/; classtype:trojan-activity;sid:84335231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472132)"; flow:established,from_client; content:"GET"; http_method; content:"/apep.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472132/; classtype:trojan-activity;sid:84335232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472133)"; flow:established,from_client; content:"GET"; http_method; content:"/lx/apep.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472133/; classtype:trojan-activity;sid:84335233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472134)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472134/; classtype:trojan-activity;sid:84335234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472135)"; flow:established,from_client; content:"GET"; http_method; content:"/apep.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472135/; classtype:trojan-activity;sid:84335235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472136)"; flow:established,from_client; content:"GET"; http_method; content:"/lx/jaws"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472136/; classtype:trojan-activity;sid:84335236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472137)"; flow:established,from_client; content:"GET"; http_method; content:"/apep.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472137/; classtype:trojan-activity;sid:84335237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472138)"; flow:established,from_client; content:"GET"; http_method; content:"/apep.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472138/; classtype:trojan-activity;sid:84335238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472139)"; flow:established,from_client; content:"GET"; http_method; content:"/lx/u"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472139/; classtype:trojan-activity;sid:84335239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472140)"; flow:established,from_client; content:"GET"; http_method; content:"/lx/apep.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472140/; classtype:trojan-activity;sid:84335240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472141)"; flow:established,from_client; content:"GET"; http_method; content:"/lx/apep.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472141/; classtype:trojan-activity;sid:84335241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472142)"; flow:established,from_client; content:"GET"; http_method; content:"/lx/apep.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472142/; classtype:trojan-activity;sid:84335242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472143)"; flow:established,from_client; content:"GET"; http_method; content:"/u"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472143/; classtype:trojan-activity;sid:84335243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472144)"; flow:established,from_client; content:"GET"; http_method; content:"/lx/a"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472144/; classtype:trojan-activity;sid:84335244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472145)"; flow:established,from_client; content:"GET"; http_method; content:"/lx/apep.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472145/; classtype:trojan-activity;sid:84335245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.159.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472128/; classtype:trojan-activity;sid:84335228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472127/; classtype:trojan-activity;sid:84335227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.201.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472125/; classtype:trojan-activity;sid:84335225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.235.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472126/; classtype:trojan-activity;sid:84335226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.140.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472124/; classtype:trojan-activity;sid:84335224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.122.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472123/; classtype:trojan-activity;sid:84335223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472122)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.somyq.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472122/; classtype:trojan-activity;sid:84335222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.156.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472121/; classtype:trojan-activity;sid:84335221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.179.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472120/; classtype:trojan-activity;sid:84335220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.49.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472119/; classtype:trojan-activity;sid:84335219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.164.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472118/; classtype:trojan-activity;sid:84335218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.160.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472117/; classtype:trojan-activity;sid:84335217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.235.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472116/; classtype:trojan-activity;sid:84335216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.0.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472114/; classtype:trojan-activity;sid:84335214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.201.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472115/; classtype:trojan-activity;sid:84335215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472113/; classtype:trojan-activity;sid:84335213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.49.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472112/; classtype:trojan-activity;sid:84335212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.193.56.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472111/; classtype:trojan-activity;sid:84335211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.121.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472110/; classtype:trojan-activity;sid:84335210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.253.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472109/; classtype:trojan-activity;sid:84335209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.86.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472108/; classtype:trojan-activity;sid:84335208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.227.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472107/; classtype:trojan-activity;sid:84335207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.216.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472106/; classtype:trojan-activity;sid:84335206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.5.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472105/; classtype:trojan-activity;sid:84335205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472104/; classtype:trojan-activity;sid:84335204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.48.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472103/; classtype:trojan-activity;sid:84335203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.220.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472102/; classtype:trojan-activity;sid:84335202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.193.56.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472101/; classtype:trojan-activity;sid:84335201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.227.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472100/; classtype:trojan-activity;sid:84335200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.215.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472099/; classtype:trojan-activity;sid:84335199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.216.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472098/; classtype:trojan-activity;sid:84335198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472097/; classtype:trojan-activity;sid:84335197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.79.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472096/; classtype:trojan-activity;sid:84335196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472095/; classtype:trojan-activity;sid:84335195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.225.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472094/; classtype:trojan-activity;sid:84335194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.110.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472093/; classtype:trojan-activity;sid:84335193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.61.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472092/; classtype:trojan-activity;sid:84335192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.156.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472090/; classtype:trojan-activity;sid:84335190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.123.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472091/; classtype:trojan-activity;sid:84335191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.165.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472081/; classtype:trojan-activity;sid:84335181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.230.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472082/; classtype:trojan-activity;sid:84335182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.140.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472083/; classtype:trojan-activity;sid:84335183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.35.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472084/; classtype:trojan-activity;sid:84335184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.48.66.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472085/; classtype:trojan-activity;sid:84335185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.48.66.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472086/; classtype:trojan-activity;sid:84335186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472087/; classtype:trojan-activity;sid:84335187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472088/; classtype:trojan-activity;sid:84335188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.163.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472089/; classtype:trojan-activity;sid:84335189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.20.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472080/; classtype:trojan-activity;sid:84335180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.168.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472078/; classtype:trojan-activity;sid:84335178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.147.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472079/; classtype:trojan-activity;sid:84335179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.214.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472077/; classtype:trojan-activity;sid:84335177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472076/; classtype:trojan-activity;sid:84335176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.219.79.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472075/; classtype:trojan-activity;sid:84335175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.0.251"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472074/; classtype:trojan-activity;sid:84335174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.188.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472073/; classtype:trojan-activity;sid:84335173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.72.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472072/; classtype:trojan-activity;sid:84335172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.201.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472070/; classtype:trojan-activity;sid:84335170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.167.175.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472071/; classtype:trojan-activity;sid:84335171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.11.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472069/; classtype:trojan-activity;sid:84335169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472068)"; flow:established,from_client; content:"GET"; http_method; content:"/_wcm_images/prod.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"employees.medicalcenterclinic.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472068/; classtype:trojan-activity;sid:84335168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.112.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472067/; classtype:trojan-activity;sid:84335167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472065)"; flow:established,from_client; content:"GET"; http_method; content:"/_wcm_images/toke.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"employees.medicalcenterclinic.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472065/; classtype:trojan-activity;sid:84335165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472066)"; flow:established,from_client; content:"GET"; http_method; content:"/_wcm_images/si.jpg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"employees.medicalcenterclinic.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472066/; classtype:trojan-activity;sid:84335166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.130.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472064/; classtype:trojan-activity;sid:84335164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472063)"; flow:established,from_client; content:"GET"; http_method; content:"/_wcm_images/bea.jpg"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"employees.medicalcenterclinic.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472063/; classtype:trojan-activity;sid:84335163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.24.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472062/; classtype:trojan-activity;sid:84335162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.72.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472061/; classtype:trojan-activity;sid:84335161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.5.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472060/; classtype:trojan-activity;sid:84335160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.156.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472059/; classtype:trojan-activity;sid:84335159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.215.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472058/; classtype:trojan-activity;sid:84335158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.171.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472057/; classtype:trojan-activity;sid:84335157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.11.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472056/; classtype:trojan-activity;sid:84335156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.72.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472055/; classtype:trojan-activity;sid:84335155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.118.231.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472054/; classtype:trojan-activity;sid:84335154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.5.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472053/; classtype:trojan-activity;sid:84335153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.239.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472052/; classtype:trojan-activity;sid:84335152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.234.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472051/; classtype:trojan-activity;sid:84335151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.14.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472050/; classtype:trojan-activity;sid:84335150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.173.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472049/; classtype:trojan-activity;sid:84335149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.234.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472048/; classtype:trojan-activity;sid:84335148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.84.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472047/; classtype:trojan-activity;sid:84335147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.239.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472046/; classtype:trojan-activity;sid:84335146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.129.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472045/; classtype:trojan-activity;sid:84335145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.231.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472044/; classtype:trojan-activity;sid:84335144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.164.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472043/; classtype:trojan-activity;sid:84335143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.191.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472042/; classtype:trojan-activity;sid:84335142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.243.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472041/; classtype:trojan-activity;sid:84335141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472040/; classtype:trojan-activity;sid:84335140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.58.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472039/; classtype:trojan-activity;sid:84335139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472038/; classtype:trojan-activity;sid:84335138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472037/; classtype:trojan-activity;sid:84335137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472036)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.jilex.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472036/; classtype:trojan-activity;sid:84335136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472035/; classtype:trojan-activity;sid:84335135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.129.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472034/; classtype:trojan-activity;sid:84335134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.21.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472033/; classtype:trojan-activity;sid:84335133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.212.33.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472032/; classtype:trojan-activity;sid:84335132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.245.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472031/; classtype:trojan-activity;sid:84335131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.124.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472030/; classtype:trojan-activity;sid:84335130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472029)"; flow:established,from_client; content:"GET"; http_method; content:"/utgljylammnbxss200.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"204.10.160.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472029/; classtype:trojan-activity;sid:84335129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.124.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472028/; classtype:trojan-activity;sid:84335128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.193.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472027/; classtype:trojan-activity;sid:84335127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.34.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472026/; classtype:trojan-activity;sid:84335126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.142.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472025/; classtype:trojan-activity;sid:84335125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471999)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.opticus"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471999/; classtype:trojan-activity;sid:84335099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472000)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472000/; classtype:trojan-activity;sid:84335100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472001)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/aarch64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472001/; classtype:trojan-activity;sid:84335101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472002)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/arm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472002/; classtype:trojan-activity;sid:84335102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472003)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472003/; classtype:trojan-activity;sid:84335103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472004)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472004/; classtype:trojan-activity;sid:84335104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472005)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/i686"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472005/; classtype:trojan-activity;sid:84335105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472006)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/arc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472006/; classtype:trojan-activity;sid:84335106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472007)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/arm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472007/; classtype:trojan-activity;sid:84335107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472008)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.opticus"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472008/; classtype:trojan-activity;sid:84335108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472009)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.opticus"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472009/; classtype:trojan-activity;sid:84335109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472010)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/arm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472010/; classtype:trojan-activity;sid:84335110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472011)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472011/; classtype:trojan-activity;sid:84335111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472012)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.opticus"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472012/; classtype:trojan-activity;sid:84335112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472013)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.opticus"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472013/; classtype:trojan-activity;sid:84335113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472014)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/arm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472014/; classtype:trojan-activity;sid:84335114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472015)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.opticus"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472015/; classtype:trojan-activity;sid:84335115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472016)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472016/; classtype:trojan-activity;sid:84335116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472017)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.opticus"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472017/; classtype:trojan-activity;sid:84335117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472018)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.opticus"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472018/; classtype:trojan-activity;sid:84335118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472019)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.opticus"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472019/; classtype:trojan-activity;sid:84335119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472020)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.opticus"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472020/; classtype:trojan-activity;sid:84335120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472021)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/spc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472021/; classtype:trojan-activity;sid:84335121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472022)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/zmips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472022/; classtype:trojan-activity;sid:84335122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472023)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.opticus"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472023/; classtype:trojan-activity;sid:84335123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472024)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.opticus"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3472024/; classtype:trojan-activity;sid:84335124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471998/; classtype:trojan-activity;sid:84335098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.243.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471997/; classtype:trojan-activity;sid:84335097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471996/; classtype:trojan-activity;sid:84335096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.58.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471995/; classtype:trojan-activity;sid:84335095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.90.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471994/; classtype:trojan-activity;sid:84335094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471993/; classtype:trojan-activity;sid:84335093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.5.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471992/; classtype:trojan-activity;sid:84335092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471991)"; flow:established,from_client; content:"GET"; http_method; content:"/mal_temp.dotm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"free-games-ua.s3.eu-central-1.amazonaws.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471991/; classtype:trojan-activity;sid:84335091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471990)"; flow:established,from_client; content:"GET"; http_method; content:"/flag-stealer.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"free-games-ua.s3.eu-central-1.amazonaws.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471990/; classtype:trojan-activity;sid:84335090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471989/; classtype:trojan-activity;sid:84335089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471988)"; flow:established,from_client; content:"GET"; http_method; content:"/srv/fup/uploads/drgdf.hgfg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.blackhost.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471988/; classtype:trojan-activity;sid:84335088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471987)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.qinah.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471987/; classtype:trojan-activity;sid:84335087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.33.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471986/; classtype:trojan-activity;sid:84335086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.91.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471985/; classtype:trojan-activity;sid:84335085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471983/; classtype:trojan-activity;sid:84335083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471984)"; flow:established,from_client; content:"GET"; http_method; content:"/d/linhgh7d"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471984/; classtype:trojan-activity;sid:84335084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471982)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_estrogen.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.drizzleraving.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471982/; classtype:trojan-activity;sid:84335082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.11.71.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471981/; classtype:trojan-activity;sid:84335081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.193.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471980/; classtype:trojan-activity;sid:84335080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.21.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471979/; classtype:trojan-activity;sid:84335079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.5.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471978/; classtype:trojan-activity;sid:84335078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.54.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471977/; classtype:trojan-activity;sid:84335077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.34.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471976/; classtype:trojan-activity;sid:84335076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.183.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471975/; classtype:trojan-activity;sid:84335075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471974)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.jiceo.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471974/; classtype:trojan-activity;sid:84335074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.90.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471973/; classtype:trojan-activity;sid:84335073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.188.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471971/; classtype:trojan-activity;sid:84335071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.49.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471972/; classtype:trojan-activity;sid:84335072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471970/; classtype:trojan-activity;sid:84335070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.168.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471969/; classtype:trojan-activity;sid:84335069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.94.185.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471968/; classtype:trojan-activity;sid:84335068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.10.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471967/; classtype:trojan-activity;sid:84335067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.184.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471966/; classtype:trojan-activity;sid:84335066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.243.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471965/; classtype:trojan-activity;sid:84335065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.183.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471964/; classtype:trojan-activity;sid:84335064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.133.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471963/; classtype:trojan-activity;sid:84335063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.48.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471962/; classtype:trojan-activity;sid:84335062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471961/; classtype:trojan-activity;sid:84335061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.80.0.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471960/; classtype:trojan-activity;sid:84335060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.59.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471959/; classtype:trojan-activity;sid:84335059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.49.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471958/; classtype:trojan-activity;sid:84335058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.10.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471957/; classtype:trojan-activity;sid:84335057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471956)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_flaxseed.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.puckerlinguist.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471956/; classtype:trojan-activity;sid:84335056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.143.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471955/; classtype:trojan-activity;sid:84335055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471954/; classtype:trojan-activity;sid:84335054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.190.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471953/; classtype:trojan-activity;sid:84335053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.75.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471952/; classtype:trojan-activity;sid:84335052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.209.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471951/; classtype:trojan-activity;sid:84335051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.9.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471950/; classtype:trojan-activity;sid:84335050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.104.5.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471949/; classtype:trojan-activity;sid:84335049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.247.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471947/; classtype:trojan-activity;sid:84335047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.183.16.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471948/; classtype:trojan-activity;sid:84335048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.236.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471946/; classtype:trojan-activity;sid:84335046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.188.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471945/; classtype:trojan-activity;sid:84335045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.243.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471944/; classtype:trojan-activity;sid:84335044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.168.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471943/; classtype:trojan-activity;sid:84335043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.198.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471942/; classtype:trojan-activity;sid:84335042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.164.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471940/; classtype:trojan-activity;sid:84335040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.48.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471941/; classtype:trojan-activity;sid:84335041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.143.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471939/; classtype:trojan-activity;sid:84335039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.94.185.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471938/; classtype:trojan-activity;sid:84335038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471937/; classtype:trojan-activity;sid:84335037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.188.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471936/; classtype:trojan-activity;sid:84335036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.190.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471935/; classtype:trojan-activity;sid:84335035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.205.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471934/; classtype:trojan-activity;sid:84335034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.236.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471933/; classtype:trojan-activity;sid:84335033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.198.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471932/; classtype:trojan-activity;sid:84335032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.221.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471931/; classtype:trojan-activity;sid:84335031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.59.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471930/; classtype:trojan-activity;sid:84335030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.219.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471929/; classtype:trojan-activity;sid:84335029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.120.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471928/; classtype:trojan-activity;sid:84335028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.242.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471927/; classtype:trojan-activity;sid:84335027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.227.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471926/; classtype:trojan-activity;sid:84335026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.173.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471925/; classtype:trojan-activity;sid:84335025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.205.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471924/; classtype:trojan-activity;sid:84335024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471923)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_mockup.mp3"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"u1.puckerlinguist.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471923/; classtype:trojan-activity;sid:84335023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.40.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471922/; classtype:trojan-activity;sid:84335022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.133.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471921/; classtype:trojan-activity;sid:84335021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.46.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471920/; classtype:trojan-activity;sid:84335020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.84.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471919/; classtype:trojan-activity;sid:84335019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.165.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471918/; classtype:trojan-activity;sid:84335018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.84.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471917/; classtype:trojan-activity;sid:84335017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.173.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471916/; classtype:trojan-activity;sid:84335016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.185.35.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471915/; classtype:trojan-activity;sid:84335015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.242.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471914/; classtype:trojan-activity;sid:84335014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471913/; classtype:trojan-activity;sid:84335013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.170.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471912/; classtype:trojan-activity;sid:84335012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.167.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471911/; classtype:trojan-activity;sid:84335011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471910/; classtype:trojan-activity;sid:84335010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.56.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471909/; classtype:trojan-activity;sid:84335009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.188.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471908/; classtype:trojan-activity;sid:84335008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.17.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471907/; classtype:trojan-activity;sid:84335007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.165.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471906/; classtype:trojan-activity;sid:84335006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.46.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471903/; classtype:trojan-activity;sid:84335003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.113.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471904/; classtype:trojan-activity;sid:84335004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471905/; classtype:trojan-activity;sid:84335005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.5.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471902/; classtype:trojan-activity;sid:84335002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.29.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471901/; classtype:trojan-activity;sid:84335001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.107.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471900/; classtype:trojan-activity;sid:84335000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.40.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471899/; classtype:trojan-activity;sid:84334999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.133.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471898/; classtype:trojan-activity;sid:84334998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.20.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471897/; classtype:trojan-activity;sid:84334997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.54.160.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471896/; classtype:trojan-activity;sid:84334996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471895/; classtype:trojan-activity;sid:84334995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.84.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471894/; classtype:trojan-activity;sid:84334994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.170.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471893/; classtype:trojan-activity;sid:84334993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.66.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471892/; classtype:trojan-activity;sid:84334992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471891/; classtype:trojan-activity;sid:84334991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.151.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471890/; classtype:trojan-activity;sid:84334990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.56.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471888/; classtype:trojan-activity;sid:84334988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.164.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471889/; classtype:trojan-activity;sid:84334989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.167.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471887/; classtype:trojan-activity;sid:84334987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.166.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471886/; classtype:trojan-activity;sid:84334986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.232.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471885/; classtype:trojan-activity;sid:84334985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471884/; classtype:trojan-activity;sid:84334984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.54.160.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471883/; classtype:trojan-activity;sid:84334983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.107.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471882/; classtype:trojan-activity;sid:84334982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471881)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_laborious.mp3"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"u1.puckerlinguist.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471881/; classtype:trojan-activity;sid:84334981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.64.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471880/; classtype:trojan-activity;sid:84334980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.96.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471879/; classtype:trojan-activity;sid:84334979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471878)"; flow:established,from_client; content:"GET"; http_method; content:"/opticus.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471878/; classtype:trojan-activity;sid:84334978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.166.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471877/; classtype:trojan-activity;sid:84334977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.49.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471876/; classtype:trojan-activity;sid:84334976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.232.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471875/; classtype:trojan-activity;sid:84334975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471874/; classtype:trojan-activity;sid:84334974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.164.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471873/; classtype:trojan-activity;sid:84334973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.168.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471872/; classtype:trojan-activity;sid:84334972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.116.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471871/; classtype:trojan-activity;sid:84334971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471870/; classtype:trojan-activity;sid:84334970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.48.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471869/; classtype:trojan-activity;sid:84334969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471867/; classtype:trojan-activity;sid:84334967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471868/; classtype:trojan-activity;sid:84334968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.3.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471866/; classtype:trojan-activity;sid:84334966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.191.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471865/; classtype:trojan-activity;sid:84334965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471864/; classtype:trojan-activity;sid:84334964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471863/; classtype:trojan-activity;sid:84334963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.233.97.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471862/; classtype:trojan-activity;sid:84334962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.82.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471861/; classtype:trojan-activity;sid:84334961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.106.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471860/; classtype:trojan-activity;sid:84334960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471859)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_devotion.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.puckerlinguist.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471859/; classtype:trojan-activity;sid:84334959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471858)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.228.213.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471858/; classtype:trojan-activity;sid:84334958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.46.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471857/; classtype:trojan-activity;sid:84334957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471854/; classtype:trojan-activity;sid:84334954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.249.168.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471855/; classtype:trojan-activity;sid:84334955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.48.66.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471856/; classtype:trojan-activity;sid:84334956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.122.61.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471853/; classtype:trojan-activity;sid:84334953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.108.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471852/; classtype:trojan-activity;sid:84334952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.57.227.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471850/; classtype:trojan-activity;sid:84334950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.135.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471851/; classtype:trojan-activity;sid:84334951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.66.167.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471849/; classtype:trojan-activity;sid:84334949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.191.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471848/; classtype:trojan-activity;sid:84334948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471847/; classtype:trojan-activity;sid:84334947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.71.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471845/; classtype:trojan-activity;sid:84334945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471846)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.henuo.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471846/; classtype:trojan-activity;sid:84334946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.68.57.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471844/; classtype:trojan-activity;sid:84334944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.106.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471843/; classtype:trojan-activity;sid:84334943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.83.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471842/; classtype:trojan-activity;sid:84334942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.233.97.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471841/; classtype:trojan-activity;sid:84334941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471840/; classtype:trojan-activity;sid:84334940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.17.202"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471839/; classtype:trojan-activity;sid:84334939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.82.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471838/; classtype:trojan-activity;sid:84334938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.133.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471837/; classtype:trojan-activity;sid:84334937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.18.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471836/; classtype:trojan-activity;sid:84334936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.255.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471835/; classtype:trojan-activity;sid:84334935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.137.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471834/; classtype:trojan-activity;sid:84334934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.202.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471833/; classtype:trojan-activity;sid:84334933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.200.107.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471832/; classtype:trojan-activity;sid:84334932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.221.94.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471831/; classtype:trojan-activity;sid:84334931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.200.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471830/; classtype:trojan-activity;sid:84334930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.106.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471829/; classtype:trojan-activity;sid:84334929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.128.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471828/; classtype:trojan-activity;sid:84334928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471827/; classtype:trojan-activity;sid:84334927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.30.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471826/; classtype:trojan-activity;sid:84334926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.237.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471825/; classtype:trojan-activity;sid:84334925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471824)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_remedial.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.puckerlinguist.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471824/; classtype:trojan-activity;sid:84334924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.101.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471823/; classtype:trojan-activity;sid:84334923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.17.202"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471822/; classtype:trojan-activity;sid:84334922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.149.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471821/; classtype:trojan-activity;sid:84334921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.110.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471820/; classtype:trojan-activity;sid:84334920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.41.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471819/; classtype:trojan-activity;sid:84334919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.177.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471818/; classtype:trojan-activity;sid:84334918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.202.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471817/; classtype:trojan-activity;sid:84334917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.200.107.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471816/; classtype:trojan-activity;sid:84334916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.81.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471815/; classtype:trojan-activity;sid:84334915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.221.94.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471814/; classtype:trojan-activity;sid:84334914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471813/; classtype:trojan-activity;sid:84334913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.80.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471812/; classtype:trojan-activity;sid:84334912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.83.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471811/; classtype:trojan-activity;sid:84334911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.255.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471810/; classtype:trojan-activity;sid:84334910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471809/; classtype:trojan-activity;sid:84334909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.149.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471808/; classtype:trojan-activity;sid:84334908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.44.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471806/; classtype:trojan-activity;sid:84334906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.63.143.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471807/; classtype:trojan-activity;sid:84334907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.177.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471805/; classtype:trojan-activity;sid:84334905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.101.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471804/; classtype:trojan-activity;sid:84334904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.253.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471803/; classtype:trojan-activity;sid:84334903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.71.118.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471802/; classtype:trojan-activity;sid:84334902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.80.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471801/; classtype:trojan-activity;sid:84334901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.226.85.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471800/; classtype:trojan-activity;sid:84334900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.44.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471799/; classtype:trojan-activity;sid:84334899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.184.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471798/; classtype:trojan-activity;sid:84334898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471797/; classtype:trojan-activity;sid:84334897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.200.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471795/; classtype:trojan-activity;sid:84334895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.253.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471796/; classtype:trojan-activity;sid:84334896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.15.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471794/; classtype:trojan-activity;sid:84334894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.141.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471793/; classtype:trojan-activity;sid:84334893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.89.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471792/; classtype:trojan-activity;sid:84334892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471791)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_humongous.mp3"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"u1.puckerlinguist.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471791/; classtype:trojan-activity;sid:84334891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.177.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471790/; classtype:trojan-activity;sid:84334890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.200.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471789/; classtype:trojan-activity;sid:84334889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471788/; classtype:trojan-activity;sid:84334888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.203.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471787/; classtype:trojan-activity;sid:84334887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.15.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471786/; classtype:trojan-activity;sid:84334886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.76.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471785/; classtype:trojan-activity;sid:84334885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.85.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471784/; classtype:trojan-activity;sid:84334884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.146.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471783/; classtype:trojan-activity;sid:84334883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.184.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471782/; classtype:trojan-activity;sid:84334882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.183.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471780/; classtype:trojan-activity;sid:84334880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.245.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471781/; classtype:trojan-activity;sid:84334881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.179.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471779/; classtype:trojan-activity;sid:84334879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.39.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471778/; classtype:trojan-activity;sid:84334878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.35.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471777/; classtype:trojan-activity;sid:84334877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.203.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471775/; classtype:trojan-activity;sid:84334875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.142.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471776/; classtype:trojan-activity;sid:84334876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.27.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471774/; classtype:trojan-activity;sid:84334874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.222.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471773/; classtype:trojan-activity;sid:84334873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.53.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471772/; classtype:trojan-activity;sid:84334872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.40.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471771/; classtype:trojan-activity;sid:84334871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.155.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471770/; classtype:trojan-activity;sid:84334870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.179.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471769/; classtype:trojan-activity;sid:84334869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.237.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471767/; classtype:trojan-activity;sid:84334867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.39.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471768/; classtype:trojan-activity;sid:84334868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.200.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471766/; classtype:trojan-activity;sid:84334866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.141.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471765/; classtype:trojan-activity;sid:84334865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.72.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471764/; classtype:trojan-activity;sid:84334864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.55.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471762/; classtype:trojan-activity;sid:84334862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.183.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471763/; classtype:trojan-activity;sid:84334863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.190.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471761/; classtype:trojan-activity;sid:84334861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.0.82"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471760/; classtype:trojan-activity;sid:84334860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.81.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471759/; classtype:trojan-activity;sid:84334859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.142.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471758/; classtype:trojan-activity;sid:84334858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.204.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471757/; classtype:trojan-activity;sid:84334857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471756)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_vascular.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.drizzleraving.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471756/; classtype:trojan-activity;sid:84334856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.115.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471754/; classtype:trojan-activity;sid:84334854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.78.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471755/; classtype:trojan-activity;sid:84334855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471753/; classtype:trojan-activity;sid:84334853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.228.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471751/; classtype:trojan-activity;sid:84334851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.138.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471752/; classtype:trojan-activity;sid:84334852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.66.165.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471750/; classtype:trojan-activity;sid:84334850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471747/; classtype:trojan-activity;sid:84334847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471748/; classtype:trojan-activity;sid:84334848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471749/; classtype:trojan-activity;sid:84334849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471746/; classtype:trojan-activity;sid:84334846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.81.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471745/; classtype:trojan-activity;sid:84334845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.166.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471743/; classtype:trojan-activity;sid:84334843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.50.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471744/; classtype:trojan-activity;sid:84334844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.163.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471742/; classtype:trojan-activity;sid:84334842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471741/; classtype:trojan-activity;sid:84334841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.237.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471740/; classtype:trojan-activity;sid:84334840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.72.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471739/; classtype:trojan-activity;sid:84334839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.208.111.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471738/; classtype:trojan-activity;sid:84334838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.155.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471737/; classtype:trojan-activity;sid:84334837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.120.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471736/; classtype:trojan-activity;sid:84334836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.200.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471735/; classtype:trojan-activity;sid:84334835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.138.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471734/; classtype:trojan-activity;sid:84334834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.144.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471733/; classtype:trojan-activity;sid:84334833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.55.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471732/; classtype:trojan-activity;sid:84334832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.72.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471731/; classtype:trojan-activity;sid:84334831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.111.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471729/; classtype:trojan-activity;sid:84334829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.225.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471730/; classtype:trojan-activity;sid:84334830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.190.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471728/; classtype:trojan-activity;sid:84334828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471727/; classtype:trojan-activity;sid:84334827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.207.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471726/; classtype:trojan-activity;sid:84334826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.250.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471725/; classtype:trojan-activity;sid:84334825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.208.111.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471724/; classtype:trojan-activity;sid:84334824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.138.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471723/; classtype:trojan-activity;sid:84334823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471722/; classtype:trojan-activity;sid:84334822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.120.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471721/; classtype:trojan-activity;sid:84334821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.138.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471720/; classtype:trojan-activity;sid:84334820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.146.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471719/; classtype:trojan-activity;sid:84334819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.116.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471718/; classtype:trojan-activity;sid:84334818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471717/; classtype:trojan-activity;sid:84334817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.225.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471716/; classtype:trojan-activity;sid:84334816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.111.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471715/; classtype:trojan-activity;sid:84334815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471714)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_grant.mp3"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"u1.drizzleraving.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471714/; classtype:trojan-activity;sid:84334814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.174.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471713/; classtype:trojan-activity;sid:84334813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471712)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.250.21.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471712/; classtype:trojan-activity;sid:84334812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.153.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471711/; classtype:trojan-activity;sid:84334811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.139.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471710/; classtype:trojan-activity;sid:84334810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.35.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471709/; classtype:trojan-activity;sid:84334809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.181.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471708/; classtype:trojan-activity;sid:84334808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.153.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471707/; classtype:trojan-activity;sid:84334807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471706)"; flow:established,from_client; content:"GET"; http_method; content:"/pty4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.172.157.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471706/; classtype:trojan-activity;sid:84334806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.146.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471705/; classtype:trojan-activity;sid:84334805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471702)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.47.122.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471702/; classtype:trojan-activity;sid:84334802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471703)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.68.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471703/; classtype:trojan-activity;sid:84334803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471704)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_overpay.mp3"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"u1.drizzleraving.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471704/; classtype:trojan-activity;sid:84334804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.84.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471690/; classtype:trojan-activity;sid:84334790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.90.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471691/; classtype:trojan-activity;sid:84334791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471692)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.68.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471692/; classtype:trojan-activity;sid:84334792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.76.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471693/; classtype:trojan-activity;sid:84334793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.76.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471694/; classtype:trojan-activity;sid:84334794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471695)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.5.216.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471695/; classtype:trojan-activity;sid:84334795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.129.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471696/; classtype:trojan-activity;sid:84334796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.79.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471697/; classtype:trojan-activity;sid:84334797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471698)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.49.126.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471698/; classtype:trojan-activity;sid:84334798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471699)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.94.121.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471699/; classtype:trojan-activity;sid:84334799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471700)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.49.126.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471700/; classtype:trojan-activity;sid:84334800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.144.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471701/; classtype:trojan-activity;sid:84334801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.250.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471675/; classtype:trojan-activity;sid:84334775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.250.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471676/; classtype:trojan-activity;sid:84334776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.145.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471677/; classtype:trojan-activity;sid:84334777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.9.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471678/; classtype:trojan-activity;sid:84334778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.175.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471679/; classtype:trojan-activity;sid:84334779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.35.36.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471680/; classtype:trojan-activity;sid:84334780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471681)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.159.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471681/; classtype:trojan-activity;sid:84334781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.97.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471682/; classtype:trojan-activity;sid:84334782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.68.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471683/; classtype:trojan-activity;sid:84334783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471684)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.68.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471684/; classtype:trojan-activity;sid:84334784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.68.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471685/; classtype:trojan-activity;sid:84334785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471686)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.234.174.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471686/; classtype:trojan-activity;sid:84334786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.37.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471687/; classtype:trojan-activity;sid:84334787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.37.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471688/; classtype:trojan-activity;sid:84334788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.129.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471689/; classtype:trojan-activity;sid:84334789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.7.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471670/; classtype:trojan-activity;sid:84334770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.223.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471671/; classtype:trojan-activity;sid:84334771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.77.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471672/; classtype:trojan-activity;sid:84334772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.53.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471673/; classtype:trojan-activity;sid:84334773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.109.227.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471674/; classtype:trojan-activity;sid:84334774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.162.97.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471669/; classtype:trojan-activity;sid:84334769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.12.237.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471668/; classtype:trojan-activity;sid:84334768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.238.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471665/; classtype:trojan-activity;sid:84334765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.21.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471666/; classtype:trojan-activity;sid:84334766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471667)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"153.206.211.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471667/; classtype:trojan-activity;sid:84334767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.145.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471644/; classtype:trojan-activity;sid:84334744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.36.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471645/; classtype:trojan-activity;sid:84334745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.109.227.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471646/; classtype:trojan-activity;sid:84334746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.217.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471647/; classtype:trojan-activity;sid:84334747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471648)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoftingsoftwares/faw/downloads/arefaso.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471648/; classtype:trojan-activity;sid:84334748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.77.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471649/; classtype:trojan-activity;sid:84334749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.74.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471650/; classtype:trojan-activity;sid:84334750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.220.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471651/; classtype:trojan-activity;sid:84334751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.69.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471652/; classtype:trojan-activity;sid:84334752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.69.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471653/; classtype:trojan-activity;sid:84334753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.3.73"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471654/; classtype:trojan-activity;sid:84334754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.99.73.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471655/; classtype:trojan-activity;sid:84334755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.213.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471656/; classtype:trojan-activity;sid:84334756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.26.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471657/; classtype:trojan-activity;sid:84334757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.135.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471658/; classtype:trojan-activity;sid:84334758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.71.118.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471659/; classtype:trojan-activity;sid:84334759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.79.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471660/; classtype:trojan-activity;sid:84334760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.144.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471661/; classtype:trojan-activity;sid:84334761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.238.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471662/; classtype:trojan-activity;sid:84334762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.32.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471663/; classtype:trojan-activity;sid:84334763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.117.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471664/; classtype:trojan-activity;sid:84334764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471637)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/document-bu110526045.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"58ff574.na3.to"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471637/; classtype:trojan-activity;sid:84334737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.27.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471638/; classtype:trojan-activity;sid:84334738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471639/; classtype:trojan-activity;sid:84334739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.27.50"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471640/; classtype:trojan-activity;sid:84334740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.13.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471641/; classtype:trojan-activity;sid:84334741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.213.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471642/; classtype:trojan-activity;sid:84334742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.168.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471643/; classtype:trojan-activity;sid:84334743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.27.208.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471636/; classtype:trojan-activity;sid:84334736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.27.35.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471635/; classtype:trojan-activity;sid:84334735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.237.194.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471634/; classtype:trojan-activity;sid:84334734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.12.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471632/; classtype:trojan-activity;sid:84334732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.241.165.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471633/; classtype:trojan-activity;sid:84334733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.55.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471628/; classtype:trojan-activity;sid:84334728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.36.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471629/; classtype:trojan-activity;sid:84334729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.7.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471630/; classtype:trojan-activity;sid:84334730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.213.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471631/; classtype:trojan-activity;sid:84334731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.204.91.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471627/; classtype:trojan-activity;sid:84334727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.35.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471623/; classtype:trojan-activity;sid:84334723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471624)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"152.172.129.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471624/; classtype:trojan-activity;sid:84334724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.237.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471625/; classtype:trojan-activity;sid:84334725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471626)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.68.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471626/; classtype:trojan-activity;sid:84334726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.20.230.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471621/; classtype:trojan-activity;sid:84334721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.161.230.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471622/; classtype:trojan-activity;sid:84334722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.65.26.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471620/; classtype:trojan-activity;sid:84334720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471619)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.217.117.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471619/; classtype:trojan-activity;sid:84334719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.55.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471618/; classtype:trojan-activity;sid:84334718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471617/; classtype:trojan-activity;sid:84334717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.36.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471616/; classtype:trojan-activity;sid:84334716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.139.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471615/; classtype:trojan-activity;sid:84334715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471614/; classtype:trojan-activity;sid:84334714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.36.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471613/; classtype:trojan-activity;sid:84334713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471612)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.juxoi.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471612/; classtype:trojan-activity;sid:84334712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.135.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471611/; classtype:trojan-activity;sid:84334711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.131.70.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471610/; classtype:trojan-activity;sid:84334710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471609)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/documents/marketing%20info.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"pub.goblinzone.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471609/; classtype:trojan-activity;sid:84334709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.188.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471608/; classtype:trojan-activity;sid:84334708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.65.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471607/; classtype:trojan-activity;sid:84334707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.3.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471606/; classtype:trojan-activity;sid:84334706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.107.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471605/; classtype:trojan-activity;sid:84334705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.213.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471604/; classtype:trojan-activity;sid:84334704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471603)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.44.219.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471603/; classtype:trojan-activity;sid:84334703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471602)"; flow:established,from_client; content:"GET"; http_method; content:"/cake/setup1549.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"34.85.195.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471602/; classtype:trojan-activity;sid:84334702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.160.171.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471601/; classtype:trojan-activity;sid:84334701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.189.18.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471600/; classtype:trojan-activity;sid:84334700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.236.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471599/; classtype:trojan-activity;sid:84334699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471598)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoftingsoftwares/faw/downloads/gribto2.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471598/; classtype:trojan-activity;sid:84334698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.177.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471597/; classtype:trojan-activity;sid:84334697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.241.146.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471596/; classtype:trojan-activity;sid:84334696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471595)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoftingsoftwares/faw/downloads/barfaser.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471595/; classtype:trojan-activity;sid:84334695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.142.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471593/; classtype:trojan-activity;sid:84334693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471594/; classtype:trojan-activity;sid:84334694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.167.175.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471592/; classtype:trojan-activity;sid:84334692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471589/; classtype:trojan-activity;sid:84334689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.251.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471590/; classtype:trojan-activity;sid:84334690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471591/; classtype:trojan-activity;sid:84334691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.11.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471588/; classtype:trojan-activity;sid:84334688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471587/; classtype:trojan-activity;sid:84334687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471586)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/document-bu110526045.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"34.85.195.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471586/; classtype:trojan-activity;sid:84334686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.26.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471585/; classtype:trojan-activity;sid:84334685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.181.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471584/; classtype:trojan-activity;sid:84334684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471583)"; flow:established,from_client; content:"GET"; http_method; content:"/cake/setup1549.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58ff574.na3.to"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471583/; classtype:trojan-activity;sid:84334683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.181.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471582/; classtype:trojan-activity;sid:84334682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.213.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471581/; classtype:trojan-activity;sid:84334681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.6.76.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471580/; classtype:trojan-activity;sid:84334680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.51.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471579/; classtype:trojan-activity;sid:84334679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.51.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471578/; classtype:trojan-activity;sid:84334678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471577)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.242.205.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471577/; classtype:trojan-activity;sid:84334677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.232.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471575/; classtype:trojan-activity;sid:84334675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.232.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471576/; classtype:trojan-activity;sid:84334676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.59.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471574/; classtype:trojan-activity;sid:84334674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.3.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471573/; classtype:trojan-activity;sid:84334673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.115.72.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471572/; classtype:trojan-activity;sid:84334672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.8.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471570/; classtype:trojan-activity;sid:84334670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.166.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471569/; classtype:trojan-activity;sid:84334669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.76.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471568/; classtype:trojan-activity;sid:84334668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.228.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471566/; classtype:trojan-activity;sid:84334666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.120.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471567/; classtype:trojan-activity;sid:84334667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.122.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471565/; classtype:trojan-activity;sid:84334665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471564)"; flow:established,from_client; content:"GET"; http_method; content:"/vrep.msi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"authenticatior.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471564/; classtype:trojan-activity;sid:84334664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.122.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471563/; classtype:trojan-activity;sid:84334663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.197.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471561/; classtype:trojan-activity;sid:84334661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.236.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471560/; classtype:trojan-activity;sid:84334660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471559)"; flow:established,from_client; content:"GET"; http_method; content:"/nsm.lic"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"authenticatior.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471559/; classtype:trojan-activity;sid:84334659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471558)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"certified-doc.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471558/; classtype:trojan-activity;sid:84334658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471557)"; flow:established,from_client; content:"GET"; http_method; content:"/client32.ini"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"authenticatior.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471557/; classtype:trojan-activity;sid:84334657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.40.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471556/; classtype:trojan-activity;sid:84334656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.160.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471555/; classtype:trojan-activity;sid:84334655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471554/; classtype:trojan-activity;sid:84334654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.131.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471553/; classtype:trojan-activity;sid:84334653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.152.94.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471552/; classtype:trojan-activity;sid:84334652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.152.94.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471551/; classtype:trojan-activity;sid:84334651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.137.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471550/; classtype:trojan-activity;sid:84334650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471549/; classtype:trojan-activity;sid:84334649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.118.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471548/; classtype:trojan-activity;sid:84334648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.118.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471547/; classtype:trojan-activity;sid:84334647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.78.228.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471546/; classtype:trojan-activity;sid:84334646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.144.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471545/; classtype:trojan-activity;sid:84334645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.49.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471544/; classtype:trojan-activity;sid:84334644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.102.189.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471543/; classtype:trojan-activity;sid:84334643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471536/; classtype:trojan-activity;sid:84334636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.38.0.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471537/; classtype:trojan-activity;sid:84334637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471538/; classtype:trojan-activity;sid:84334638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471539/; classtype:trojan-activity;sid:84334639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471540/; classtype:trojan-activity;sid:84334640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471541/; classtype:trojan-activity;sid:84334641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.12.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471542/; classtype:trojan-activity;sid:84334642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.174.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471535/; classtype:trojan-activity;sid:84334635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471534/; classtype:trojan-activity;sid:84334634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.48.59.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471533/; classtype:trojan-activity;sid:84334633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.52.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471532/; classtype:trojan-activity;sid:84334632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.155.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471531/; classtype:trojan-activity;sid:84334631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.160.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471530/; classtype:trojan-activity;sid:84334630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.51.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471529/; classtype:trojan-activity;sid:84334629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.30.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471528/; classtype:trojan-activity;sid:84334628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.30.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471526/; classtype:trojan-activity;sid:84334626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.157.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471527/; classtype:trojan-activity;sid:84334627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.64.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471525/; classtype:trojan-activity;sid:84334625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.208.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471524/; classtype:trojan-activity;sid:84334624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.51.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471523/; classtype:trojan-activity;sid:84334623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.30.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471522/; classtype:trojan-activity;sid:84334622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.8.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471521/; classtype:trojan-activity;sid:84334621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.30.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471520/; classtype:trojan-activity;sid:84334620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.216.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471519/; classtype:trojan-activity;sid:84334619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.24.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471518/; classtype:trojan-activity;sid:84334618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.8.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471517/; classtype:trojan-activity;sid:84334617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.64.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471516/; classtype:trojan-activity;sid:84334616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.41.47.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471515/; classtype:trojan-activity;sid:84334615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.63.243.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471514/; classtype:trojan-activity;sid:84334614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.41.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471512/; classtype:trojan-activity;sid:84334612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.47.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471513/; classtype:trojan-activity;sid:84334613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.42.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471511/; classtype:trojan-activity;sid:84334611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.246.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471510/; classtype:trojan-activity;sid:84334610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.96.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471509/; classtype:trojan-activity;sid:84334609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471508)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.151.74.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471508/; classtype:trojan-activity;sid:84334608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.42.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471507/; classtype:trojan-activity;sid:84334607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.71.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471506/; classtype:trojan-activity;sid:84334606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.243.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471505/; classtype:trojan-activity;sid:84334605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.216.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471504/; classtype:trojan-activity;sid:84334604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.71.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471503/; classtype:trojan-activity;sid:84334603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.235.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471502/; classtype:trojan-activity;sid:84334602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.235.131.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471501/; classtype:trojan-activity;sid:84334601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.50.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471500/; classtype:trojan-activity;sid:84334600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.71.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471499/; classtype:trojan-activity;sid:84334599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.137.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471498/; classtype:trojan-activity;sid:84334598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.23.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471497/; classtype:trojan-activity;sid:84334597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.165.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471496/; classtype:trojan-activity;sid:84334596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.12.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471495/; classtype:trojan-activity;sid:84334595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.156.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471494/; classtype:trojan-activity;sid:84334594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471491/; classtype:trojan-activity;sid:84334591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.217.23.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471492/; classtype:trojan-activity;sid:84334592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.48.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471493/; classtype:trojan-activity;sid:84334593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.35.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471490/; classtype:trojan-activity;sid:84334590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.105.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471489/; classtype:trojan-activity;sid:84334589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.18.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471488/; classtype:trojan-activity;sid:84334588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.98.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471487/; classtype:trojan-activity;sid:84334587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.96.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471486/; classtype:trojan-activity;sid:84334586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.23.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471485/; classtype:trojan-activity;sid:84334585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.246.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471484/; classtype:trojan-activity;sid:84334584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.50.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471483/; classtype:trojan-activity;sid:84334583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.178.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471482/; classtype:trojan-activity;sid:84334582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.92.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471481/; classtype:trojan-activity;sid:84334581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471480/; classtype:trojan-activity;sid:84334580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471479)"; flow:established,from_client; content:"GET"; http_method; content:"/s/mirror/mnufgfjgbdbr9i7dsdfrjubx/file.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"arch1.usa1news.buzz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471479/; classtype:trojan-activity;sid:84334579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.178.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471478/; classtype:trojan-activity;sid:84334578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471477/; classtype:trojan-activity;sid:84334577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471476)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/oe7knozj2q5s45p/libskottie.bin/file"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471476/; classtype:trojan-activity;sid:84334576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471475)"; flow:established,from_client; content:"GET"; http_method; content:"/tozemeniaclo.mp3"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"refereng.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471475/; classtype:trojan-activity;sid:84334575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471473)"; flow:established,from_client; content:"GET"; http_method; content:"/junkypool.mp3"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cariz.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471473/; classtype:trojan-activity;sid:84334573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471474)"; flow:established,from_client; content:"GET"; http_method; content:"/413a42a4c715693c37e5256e144fd76cc51160b74617024d.xll"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"x72.eioae.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471474/; classtype:trojan-activity;sid:84334574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471471)"; flow:established,from_client; content:"GET"; http_method; content:"/n/ax4mqlu25efi/b/zordarruba/o/tozemenia-pass-step.html"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"objectstorage.ap-singapore-2.oraclecloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471471/; classtype:trojan-activity;sid:84334571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471472)"; flow:established,from_client; content:"GET"; http_method; content:"/n/ax4mqlu25efi/b/lakmewbkt/o/fetch-page-loading-next.html"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"objectstorage.ap-singapore-2.oraclecloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471472/; classtype:trojan-activity;sid:84334572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.7.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471470/; classtype:trojan-activity;sid:84334570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.157.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471469/; classtype:trojan-activity;sid:84334569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.222.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471468/; classtype:trojan-activity;sid:84334568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.106.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471467/; classtype:trojan-activity;sid:84334567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.173.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471466/; classtype:trojan-activity;sid:84334566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.0.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471465/; classtype:trojan-activity;sid:84334565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.173.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471464/; classtype:trojan-activity;sid:84334564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.106.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471463/; classtype:trojan-activity;sid:84334563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.151.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471462/; classtype:trojan-activity;sid:84334562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.152.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471461/; classtype:trojan-activity;sid:84334561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.80.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471460/; classtype:trojan-activity;sid:84334560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.7.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471459/; classtype:trojan-activity;sid:84334559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.172.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471458/; classtype:trojan-activity;sid:84334558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.239.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471457/; classtype:trojan-activity;sid:84334557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.25.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471456/; classtype:trojan-activity;sid:84334556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471455)"; flow:established,from_client; content:"GET"; http_method; content:"/17f9c91b5a59bdf35c05b9d1a24f18f6467247cda6cf0b27.wbk"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"x5.eioae.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471455/; classtype:trojan-activity;sid:84334555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471454)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/174i9ezu25i36ac/zxia.mp3/file"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471454/; classtype:trojan-activity;sid:84334554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471452)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/0biw8p6gk849oy0/kjzninsj.mp3/file"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471452/; classtype:trojan-activity;sid:84334552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471453)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/8pu8gc281skus34/ihtojwmztzy.wav/file"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471453/; classtype:trojan-activity;sid:84334553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471446)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/fyzebgcilgcapx7/sepiu.wav/file"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471446/; classtype:trojan-activity;sid:84334546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471447)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/9hr4d1ue3froxkc/vshgbjlzor.mp3/file"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471447/; classtype:trojan-activity;sid:84334547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471448)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/pica.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"farmagrupodw.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471448/; classtype:trojan-activity;sid:84334548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471449)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/2yr3und23dtjqd8/qpggxctey.vdf/file"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471449/; classtype:trojan-activity;sid:84334549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471450)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/tvp04d3t8v7xgo7/hsdwswa.mp3/file"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471450/; classtype:trojan-activity;sid:84334550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471451)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/registry.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"farmagrupodw.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471451/; classtype:trojan-activity;sid:84334551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.17.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471441/; classtype:trojan-activity;sid:84334541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471440)"; flow:established,from_client; content:"GET"; http_method; content:"/julab.m4a"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"charmdelights.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471440/; classtype:trojan-activity;sid:84334540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.0.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471438/; classtype:trojan-activity;sid:84334538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471437)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/elated.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"farmagrupodw.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471437/; classtype:trojan-activity;sid:84334537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.71.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471436/; classtype:trojan-activity;sid:84334536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.0.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471435/; classtype:trojan-activity;sid:84334535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.151.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471434/; classtype:trojan-activity;sid:84334534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.80.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471433/; classtype:trojan-activity;sid:84334533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.239.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471432/; classtype:trojan-activity;sid:84334532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.251.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471431/; classtype:trojan-activity;sid:84334531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.115.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471430/; classtype:trojan-activity;sid:84334530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.185.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471429/; classtype:trojan-activity;sid:84334529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.172.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471428/; classtype:trojan-activity;sid:84334528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.25.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471426/; classtype:trojan-activity;sid:84334526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.227.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471427/; classtype:trojan-activity;sid:84334527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.71.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471425/; classtype:trojan-activity;sid:84334525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.251.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471424/; classtype:trojan-activity;sid:84334524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.80.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471423/; classtype:trojan-activity;sid:84334523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.87.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471422/; classtype:trojan-activity;sid:84334522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.167.202.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471421/; classtype:trojan-activity;sid:84334521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.51.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471420/; classtype:trojan-activity;sid:84334520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.46.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471418/; classtype:trojan-activity;sid:84334518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.166.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471419/; classtype:trojan-activity;sid:84334519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.189.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471417/; classtype:trojan-activity;sid:84334517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471416)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.245.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471416/; classtype:trojan-activity;sid:84334516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.120.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471415/; classtype:trojan-activity;sid:84334515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.80.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471414/; classtype:trojan-activity;sid:84334514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.87.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471413/; classtype:trojan-activity;sid:84334513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.189.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471412/; classtype:trojan-activity;sid:84334512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.21.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471411/; classtype:trojan-activity;sid:84334511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.89.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471410/; classtype:trojan-activity;sid:84334510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.228.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471409/; classtype:trojan-activity;sid:84334509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.222.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471408/; classtype:trojan-activity;sid:84334508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.250.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471406/; classtype:trojan-activity;sid:84334506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471407/; classtype:trojan-activity;sid:84334507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471403/; classtype:trojan-activity;sid:84334503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.57.0.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471404/; classtype:trojan-activity;sid:84334504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.175.180.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471405/; classtype:trojan-activity;sid:84334505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.247.54.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471402/; classtype:trojan-activity;sid:84334502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471400/; classtype:trojan-activity;sid:84334500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.5.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471401/; classtype:trojan-activity;sid:84334501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471399/; classtype:trojan-activity;sid:84334499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471398/; classtype:trojan-activity;sid:84334498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.26.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471397/; classtype:trojan-activity;sid:84334497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.21.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471396/; classtype:trojan-activity;sid:84334496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.217.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471395/; classtype:trojan-activity;sid:84334495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.181.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471394/; classtype:trojan-activity;sid:84334494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.181.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471393/; classtype:trojan-activity;sid:84334493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.89.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471392/; classtype:trojan-activity;sid:84334492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.235.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471391/; classtype:trojan-activity;sid:84334491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.138.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471390/; classtype:trojan-activity;sid:84334490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.26.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471389/; classtype:trojan-activity;sid:84334489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.239.143.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471388/; classtype:trojan-activity;sid:84334488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.235.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471387/; classtype:trojan-activity;sid:84334487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.138.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471386/; classtype:trojan-activity;sid:84334486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471385/; classtype:trojan-activity;sid:84334485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.232.5.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471384/; classtype:trojan-activity;sid:84334484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.129.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471383/; classtype:trojan-activity;sid:84334483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.240.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471382/; classtype:trojan-activity;sid:84334482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.153.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471381/; classtype:trojan-activity;sid:84334481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.47.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471379/; classtype:trojan-activity;sid:84334479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.133.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471380/; classtype:trojan-activity;sid:84334480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471367)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.252.177.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471367/; classtype:trojan-activity;sid:84334467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471368)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.252.177.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471368/; classtype:trojan-activity;sid:84334468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471369)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.252.177.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471369/; classtype:trojan-activity;sid:84334469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471370)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.252.177.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471370/; classtype:trojan-activity;sid:84334470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471371)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.252.177.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471371/; classtype:trojan-activity;sid:84334471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471372)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.252.177.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471372/; classtype:trojan-activity;sid:84334472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471373)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.252.177.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471373/; classtype:trojan-activity;sid:84334473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471374)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.252.177.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471374/; classtype:trojan-activity;sid:84334474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471375)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.252.177.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471375/; classtype:trojan-activity;sid:84334475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471376)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.252.177.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471376/; classtype:trojan-activity;sid:84334476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471377)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.252.177.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471377/; classtype:trojan-activity;sid:84334477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471378)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.252.177.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471378/; classtype:trojan-activity;sid:84334478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471366/; classtype:trojan-activity;sid:84334466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471365)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"w.shavsl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471365/; classtype:trojan-activity;sid:84334465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.232.5.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471364/; classtype:trojan-activity;sid:84334464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471363)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"w.shavsl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471363/; classtype:trojan-activity;sid:84334463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471362)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"w.shavsl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471362/; classtype:trojan-activity;sid:84334462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471360)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"w.shavsl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471360/; classtype:trojan-activity;sid:84334460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471361)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"w.shavsl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471361/; classtype:trojan-activity;sid:84334461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.133.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471359/; classtype:trojan-activity;sid:84334459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471358)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.34.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471358/; classtype:trojan-activity;sid:84334458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471357)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"z.shavsl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471357/; classtype:trojan-activity;sid:84334457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471356)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"z.shavsl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471356/; classtype:trojan-activity;sid:84334456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471352)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.34.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471352/; classtype:trojan-activity;sid:84334452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471353)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.34.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471353/; classtype:trojan-activity;sid:84334453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471354)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"z.shavsl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471354/; classtype:trojan-activity;sid:84334454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471355)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"z.shavsl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471355/; classtype:trojan-activity;sid:84334455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.99.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471351/; classtype:trojan-activity;sid:84334451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.240.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471350/; classtype:trojan-activity;sid:84334450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471349)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.34.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471349/; classtype:trojan-activity;sid:84334449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471341)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.34.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471341/; classtype:trojan-activity;sid:84334441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471342)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.34.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471342/; classtype:trojan-activity;sid:84334442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471343)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.186.12.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471343/; classtype:trojan-activity;sid:84334443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471344)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.34.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471344/; classtype:trojan-activity;sid:84334444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471345)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.34.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471345/; classtype:trojan-activity;sid:84334445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471346)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"192.186.12.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471346/; classtype:trojan-activity;sid:84334446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471347)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.186.12.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471347/; classtype:trojan-activity;sid:84334447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471348)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.186.12.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471348/; classtype:trojan-activity;sid:84334448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471340)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.186.12.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471340/; classtype:trojan-activity;sid:84334440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471338)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.167.34.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471338/; classtype:trojan-activity;sid:84334438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.153.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471339/; classtype:trojan-activity;sid:84334439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471337)"; flow:established,from_client; content:"GET"; http_method; content:"/test.woff"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.196.8.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471337/; classtype:trojan-activity;sid:84334437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471336/; classtype:trojan-activity;sid:84334436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.70.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471335/; classtype:trojan-activity;sid:84334435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.139.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471334/; classtype:trojan-activity;sid:84334434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471333)"; flow:established,from_client; content:"GET"; http_method; content:"/uh_uh+uh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x.0.feedback"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471333/; classtype:trojan-activity;sid:84334433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471332)"; flow:established,from_client; content:"GET"; http_method; content:"/t1t1t1t1t1.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"files.whined.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471332/; classtype:trojan-activity;sid:84334432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.129.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471330/; classtype:trojan-activity;sid:84334430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.147.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471331/; classtype:trojan-activity;sid:84334431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.58.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471329/; classtype:trojan-activity;sid:84334429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471328)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.167.42.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471328/; classtype:trojan-activity;sid:84334428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471327)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.167.42.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471327/; classtype:trojan-activity;sid:84334427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471321)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.42.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471321/; classtype:trojan-activity;sid:84334421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471322)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.42.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471322/; classtype:trojan-activity;sid:84334422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471323)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.32.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471323/; classtype:trojan-activity;sid:84334423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471324)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.32.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471324/; classtype:trojan-activity;sid:84334424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471325)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.167.32.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471325/; classtype:trojan-activity;sid:84334425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471326)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.32.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471326/; classtype:trojan-activity;sid:84334426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471317)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.42.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471317/; classtype:trojan-activity;sid:84334417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471318)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.42.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471318/; classtype:trojan-activity;sid:84334418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471319)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.42.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471319/; classtype:trojan-activity;sid:84334419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471320)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.42.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471320/; classtype:trojan-activity;sid:84334420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471315)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.42.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471315/; classtype:trojan-activity;sid:84334415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471316)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.42.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471316/; classtype:trojan-activity;sid:84334416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471314)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.32.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471314/; classtype:trojan-activity;sid:84334414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471313)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"y.shavsl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471313/; classtype:trojan-activity;sid:84334413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471309)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"y.shavsl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471309/; classtype:trojan-activity;sid:84334409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471310)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.34.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471310/; classtype:trojan-activity;sid:84334410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471311)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"y.shavsl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471311/; classtype:trojan-activity;sid:84334411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471312)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"y.shavsl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471312/; classtype:trojan-activity;sid:84334412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471290)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.34.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471290/; classtype:trojan-activity;sid:84334390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471291)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.34.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471291/; classtype:trojan-activity;sid:84334391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471292)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.42.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471292/; classtype:trojan-activity;sid:84334392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471293)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.34.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471293/; classtype:trojan-activity;sid:84334393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471294)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.34.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471294/; classtype:trojan-activity;sid:84334394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471295)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.42.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471295/; classtype:trojan-activity;sid:84334395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471296)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.42.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471296/; classtype:trojan-activity;sid:84334396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471297)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.42.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471297/; classtype:trojan-activity;sid:84334397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471298)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.186.12.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471298/; classtype:trojan-activity;sid:84334398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471299)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.186.12.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471299/; classtype:trojan-activity;sid:84334399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471300)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.34.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471300/; classtype:trojan-activity;sid:84334400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471301)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.42.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471301/; classtype:trojan-activity;sid:84334401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471302)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.186.12.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471302/; classtype:trojan-activity;sid:84334402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471303)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.186.12.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471303/; classtype:trojan-activity;sid:84334403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471304)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.42.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471304/; classtype:trojan-activity;sid:84334404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471305)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.42.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471305/; classtype:trojan-activity;sid:84334405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471306)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.186.12.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471306/; classtype:trojan-activity;sid:84334406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471307)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.167.34.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471307/; classtype:trojan-activity;sid:84334407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471308)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.186.12.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471308/; classtype:trojan-activity;sid:84334408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471289)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.167.42.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471289/; classtype:trojan-activity;sid:84334389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471287)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.186.12.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471287/; classtype:trojan-activity;sid:84334387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471288)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.186.12.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471288/; classtype:trojan-activity;sid:84334388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471285)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.167.42.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471285/; classtype:trojan-activity;sid:84334385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.148.220.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471286/; classtype:trojan-activity;sid:84334386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471283)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.167.34.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471283/; classtype:trojan-activity;sid:84334383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471284)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.167.34.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471284/; classtype:trojan-activity;sid:84334384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471279)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.34.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471279/; classtype:trojan-activity;sid:84334379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471280)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.167.42.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471280/; classtype:trojan-activity;sid:84334380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471281)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"192.186.12.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471281/; classtype:trojan-activity;sid:84334381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471282)"; flow:established,from_client; content:"GET"; http_method; content:"/gif"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"192.186.12.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471282/; classtype:trojan-activity;sid:84334382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.89.206.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471278/; classtype:trojan-activity;sid:84334378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.124.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471277/; classtype:trojan-activity;sid:84334377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.4.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471276/; classtype:trojan-activity;sid:84334376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471275)"; flow:established,from_client; content:"GET"; http_method; content:"/miner"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.167.34.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471275/; classtype:trojan-activity;sid:84334375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471273)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"botnet1.uapworx1.sbs"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471273/; classtype:trojan-activity;sid:84334373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471274)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet1.uapworx1.sbs"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471274/; classtype:trojan-activity;sid:84334374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471272)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet1.uapworx1.sbs"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471272/; classtype:trojan-activity;sid:84334372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471264)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471264/; classtype:trojan-activity;sid:84334364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471265)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet1.uapworx1.sbs"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471265/; classtype:trojan-activity;sid:84334365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471266)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet1.uapworx1.sbs"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471266/; classtype:trojan-activity;sid:84334366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471267)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet1.uapworx1.sbs"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471267/; classtype:trojan-activity;sid:84334367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471268)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet1.uapworx1.sbs"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471268/; classtype:trojan-activity;sid:84334368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471269)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet1.uapworx1.sbs"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471269/; classtype:trojan-activity;sid:84334369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471270)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet1.uapworx1.sbs"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471270/; classtype:trojan-activity;sid:84334370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471271)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet1.uapworx1.sbs"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471271/; classtype:trojan-activity;sid:84334371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471260)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471260/; classtype:trojan-activity;sid:84334360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471261)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471261/; classtype:trojan-activity;sid:84334361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471262)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet1.uapworx1.sbs"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471262/; classtype:trojan-activity;sid:84334362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471263)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"botnet1.uapworx1.sbs"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471263/; classtype:trojan-activity;sid:84334363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471251)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471251/; classtype:trojan-activity;sid:84334351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471252)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471252/; classtype:trojan-activity;sid:84334352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471253)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471253/; classtype:trojan-activity;sid:84334353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471254)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471254/; classtype:trojan-activity;sid:84334354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471255)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471255/; classtype:trojan-activity;sid:84334355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471256)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet1.uapworx1.sbs"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471256/; classtype:trojan-activity;sid:84334356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471257)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471257/; classtype:trojan-activity;sid:84334357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471258)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471258/; classtype:trojan-activity;sid:84334358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.108.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471259/; classtype:trojan-activity;sid:84334359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471249)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471249/; classtype:trojan-activity;sid:84334349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471250)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471250/; classtype:trojan-activity;sid:84334350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471248)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.12.94.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471248/; classtype:trojan-activity;sid:84334348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.91.33.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471247/; classtype:trojan-activity;sid:84334347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.172.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471246/; classtype:trojan-activity;sid:84334346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.107.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471245/; classtype:trojan-activity;sid:84334345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.70.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471244/; classtype:trojan-activity;sid:84334344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.159.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471243/; classtype:trojan-activity;sid:84334343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.39.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471242/; classtype:trojan-activity;sid:84334342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.89.206.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471241/; classtype:trojan-activity;sid:84334341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.47.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471240/; classtype:trojan-activity;sid:84334340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.70.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471239/; classtype:trojan-activity;sid:84334339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.99.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471238/; classtype:trojan-activity;sid:84334338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.4.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471237/; classtype:trojan-activity;sid:84334337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.227.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471236/; classtype:trojan-activity;sid:84334336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.86.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471235/; classtype:trojan-activity;sid:84334335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.58.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471234/; classtype:trojan-activity;sid:84334334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471233)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_diligent.mp3"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"u1.drizzleraving.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471233/; classtype:trojan-activity;sid:84334333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.107.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471232/; classtype:trojan-activity;sid:84334332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.99.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471231/; classtype:trojan-activity;sid:84334331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.205.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471230/; classtype:trojan-activity;sid:84334330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.49.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471229/; classtype:trojan-activity;sid:84334329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.227.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471228/; classtype:trojan-activity;sid:84334328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.154.81.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471227/; classtype:trojan-activity;sid:84334327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471226/; classtype:trojan-activity;sid:84334326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.39.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471225/; classtype:trojan-activity;sid:84334325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.105.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471223/; classtype:trojan-activity;sid:84334323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.203.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471224/; classtype:trojan-activity;sid:84334324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.51.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471222/; classtype:trojan-activity;sid:84334322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.44.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471221/; classtype:trojan-activity;sid:84334321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.68.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471220/; classtype:trojan-activity;sid:84334320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.108.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471219/; classtype:trojan-activity;sid:84334319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.203.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471218/; classtype:trojan-activity;sid:84334318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.154.81.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471217/; classtype:trojan-activity;sid:84334317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.123.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471216/; classtype:trojan-activity;sid:84334316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.184.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471215/; classtype:trojan-activity;sid:84334315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.86.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471214/; classtype:trojan-activity;sid:84334314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.88.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471213/; classtype:trojan-activity;sid:84334313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.37.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471212/; classtype:trojan-activity;sid:84334312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471211/; classtype:trojan-activity;sid:84334311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.68.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471210/; classtype:trojan-activity;sid:84334310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.28.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471209/; classtype:trojan-activity;sid:84334309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471208/; classtype:trojan-activity;sid:84334308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.141.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471207/; classtype:trojan-activity;sid:84334307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.0.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471205/; classtype:trojan-activity;sid:84334305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.56.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471206/; classtype:trojan-activity;sid:84334306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.58.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471201/; classtype:trojan-activity;sid:84334301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471202/; classtype:trojan-activity;sid:84334302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.133.71.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471203/; classtype:trojan-activity;sid:84334303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.50.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471204/; classtype:trojan-activity;sid:84334304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.177.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471200/; classtype:trojan-activity;sid:84334300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.66.164.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471199/; classtype:trojan-activity;sid:84334299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.56.205.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471198/; classtype:trojan-activity;sid:84334298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.143.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471197/; classtype:trojan-activity;sid:84334297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471196/; classtype:trojan-activity;sid:84334296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.233.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471195/; classtype:trojan-activity;sid:84334295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.142.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471194/; classtype:trojan-activity;sid:84334294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.88.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471193/; classtype:trojan-activity;sid:84334293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.37.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471192/; classtype:trojan-activity;sid:84334292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.30.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471191/; classtype:trojan-activity;sid:84334291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.125.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471190/; classtype:trojan-activity;sid:84334290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.218.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471189/; classtype:trojan-activity;sid:84334289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471188/; classtype:trojan-activity;sid:84334288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.105.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471186/; classtype:trojan-activity;sid:84334286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.28.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471187/; classtype:trojan-activity;sid:84334287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.37.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471185/; classtype:trojan-activity;sid:84334285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.142.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471184/; classtype:trojan-activity;sid:84334284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471183/; classtype:trojan-activity;sid:84334283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.185.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471182/; classtype:trojan-activity;sid:84334282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.125.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471181/; classtype:trojan-activity;sid:84334281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.20.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471180/; classtype:trojan-activity;sid:84334280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.233.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471179/; classtype:trojan-activity;sid:84334279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.159.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471178/; classtype:trojan-activity;sid:84334278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.24.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471177/; classtype:trojan-activity;sid:84334277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471176/; classtype:trojan-activity;sid:84334276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.123.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471175/; classtype:trojan-activity;sid:84334275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.54.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471174/; classtype:trojan-activity;sid:84334274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.44.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471173/; classtype:trojan-activity;sid:84334273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.222.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471172/; classtype:trojan-activity;sid:84334272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.163.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471171/; classtype:trojan-activity;sid:84334271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.148.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471170/; classtype:trojan-activity;sid:84334270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.119.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471169/; classtype:trojan-activity;sid:84334269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.192.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471168/; classtype:trojan-activity;sid:84334268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.183.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471167/; classtype:trojan-activity;sid:84334267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471166)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_ice.mp3"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"u1.puckerlinguist.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471166/; classtype:trojan-activity;sid:84334266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.208.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471165/; classtype:trojan-activity;sid:84334265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.24.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471164/; classtype:trojan-activity;sid:84334264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.183.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471163/; classtype:trojan-activity;sid:84334263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.143.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471162/; classtype:trojan-activity;sid:84334262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.231.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471161/; classtype:trojan-activity;sid:84334261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.119.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471160/; classtype:trojan-activity;sid:84334260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.21.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471159/; classtype:trojan-activity;sid:84334259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.148.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471158/; classtype:trojan-activity;sid:84334258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.163.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471157/; classtype:trojan-activity;sid:84334257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.40.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471156/; classtype:trojan-activity;sid:84334256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.15.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471155/; classtype:trojan-activity;sid:84334255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.143.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471154/; classtype:trojan-activity;sid:84334254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.192.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471153/; classtype:trojan-activity;sid:84334253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.16.161.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471152/; classtype:trojan-activity;sid:84334252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471151/; classtype:trojan-activity;sid:84334251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471150/; classtype:trojan-activity;sid:84334250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.41.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471149/; classtype:trojan-activity;sid:84334249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.228.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471148/; classtype:trojan-activity;sid:84334248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.21.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471147/; classtype:trojan-activity;sid:84334247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.142.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471146/; classtype:trojan-activity;sid:84334246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.64.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471145/; classtype:trojan-activity;sid:84334245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471144/; classtype:trojan-activity;sid:84334244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.16.161.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471143/; classtype:trojan-activity;sid:84334243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.135.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471141/; classtype:trojan-activity;sid:84334241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.185.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471142/; classtype:trojan-activity;sid:84334242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.223.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471140/; classtype:trojan-activity;sid:84334240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.6.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471138/; classtype:trojan-activity;sid:84334238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.134.152.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471139/; classtype:trojan-activity;sid:84334239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.21.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471137/; classtype:trojan-activity;sid:84334237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.211.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471136/; classtype:trojan-activity;sid:84334236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.201.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471135/; classtype:trojan-activity;sid:84334235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.142.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471134/; classtype:trojan-activity;sid:84334234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.187.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471133/; classtype:trojan-activity;sid:84334233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.242.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471132/; classtype:trojan-activity;sid:84334232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.121.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471131/; classtype:trojan-activity;sid:84334231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.99.103"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471129/; classtype:trojan-activity;sid:84334229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.134.152.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471130/; classtype:trojan-activity;sid:84334230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.3.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471128/; classtype:trojan-activity;sid:84334228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471127/; classtype:trojan-activity;sid:84334227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.54.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471126/; classtype:trojan-activity;sid:84334226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.201.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471125/; classtype:trojan-activity;sid:84334225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.175.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471123/; classtype:trojan-activity;sid:84334223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.103.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471124/; classtype:trojan-activity;sid:84334224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.64.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471122/; classtype:trojan-activity;sid:84334222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.135.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471121/; classtype:trojan-activity;sid:84334221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.28.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471120/; classtype:trojan-activity;sid:84334220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471119/; classtype:trojan-activity;sid:84334219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.242.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471118/; classtype:trojan-activity;sid:84334218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.54.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471117/; classtype:trojan-activity;sid:84334217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.105.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471116/; classtype:trojan-activity;sid:84334216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471115/; classtype:trojan-activity;sid:84334215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471106/; classtype:trojan-activity;sid:84334206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.213.107.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471107/; classtype:trojan-activity;sid:84334207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471108/; classtype:trojan-activity;sid:84334208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.208.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471109/; classtype:trojan-activity;sid:84334209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.136.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471110/; classtype:trojan-activity;sid:84334210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.115.58.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471111/; classtype:trojan-activity;sid:84334211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.48.66.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471112/; classtype:trojan-activity;sid:84334212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471113/; classtype:trojan-activity;sid:84334213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.86.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471114/; classtype:trojan-activity;sid:84334214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.72.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471105/; classtype:trojan-activity;sid:84334205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.179.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471103/; classtype:trojan-activity;sid:84334203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.107.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471104/; classtype:trojan-activity;sid:84334204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.163.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471101/; classtype:trojan-activity;sid:84334201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.209.79.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471102/; classtype:trojan-activity;sid:84334202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471099/; classtype:trojan-activity;sid:84334199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.159.45.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471100/; classtype:trojan-activity;sid:84334200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.144.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471098/; classtype:trojan-activity;sid:84334198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.99.103"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471097/; classtype:trojan-activity;sid:84334197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.0.242"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471096/; classtype:trojan-activity;sid:84334196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471095/; classtype:trojan-activity;sid:84334195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.3.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471094/; classtype:trojan-activity;sid:84334194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.121.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471093/; classtype:trojan-activity;sid:84334193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.36.152.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471092/; classtype:trojan-activity;sid:84334192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.107.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471091/; classtype:trojan-activity;sid:84334191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471090)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_garden.mp3"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"u1.puckerlinguist.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471090/; classtype:trojan-activity;sid:84334190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.36.152.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471088/; classtype:trojan-activity;sid:84334188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.59.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471089/; classtype:trojan-activity;sid:84334189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.211.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471087/; classtype:trojan-activity;sid:84334187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.90.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471086/; classtype:trojan-activity;sid:84334186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.63.83.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471085/; classtype:trojan-activity;sid:84334185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.201.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471084/; classtype:trojan-activity;sid:84334184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.124.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471083/; classtype:trojan-activity;sid:84334183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.107.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471082/; classtype:trojan-activity;sid:84334182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.194.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471081/; classtype:trojan-activity;sid:84334181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.166.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471080/; classtype:trojan-activity;sid:84334180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.190.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471079/; classtype:trojan-activity;sid:84334179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.166.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471078/; classtype:trojan-activity;sid:84334178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.94.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471077/; classtype:trojan-activity;sid:84334177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.157.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471076/; classtype:trojan-activity;sid:84334176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.180.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471075/; classtype:trojan-activity;sid:84334175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.157.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471074/; classtype:trojan-activity;sid:84334174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.190.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471073/; classtype:trojan-activity;sid:84334173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.148.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471072/; classtype:trojan-activity;sid:84334172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.59.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471071/; classtype:trojan-activity;sid:84334171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.71.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471070/; classtype:trojan-activity;sid:84334170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.90.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471069/; classtype:trojan-activity;sid:84334169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.143.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471068/; classtype:trojan-activity;sid:84334168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.83.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471067/; classtype:trojan-activity;sid:84334167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.94.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471066/; classtype:trojan-activity;sid:84334166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.71.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471065/; classtype:trojan-activity;sid:84334165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.65.196.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471064/; classtype:trojan-activity;sid:84334164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471060)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.s"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471060/; classtype:trojan-activity;sid:84334160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471061)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.s"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471061/; classtype:trojan-activity;sid:84334161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471062)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.s"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471062/; classtype:trojan-activity;sid:84334162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471063)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.s"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471063/; classtype:trojan-activity;sid:84334163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471051)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.s"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471051/; classtype:trojan-activity;sid:84334151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471052)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.s"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471052/; classtype:trojan-activity;sid:84334152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471053)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.s"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471053/; classtype:trojan-activity;sid:84334153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471054)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.s"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471054/; classtype:trojan-activity;sid:84334154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471055)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471055/; classtype:trojan-activity;sid:84334155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471056)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.s"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471056/; classtype:trojan-activity;sid:84334156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471057)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.s"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471057/; classtype:trojan-activity;sid:84334157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471058)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.s"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471058/; classtype:trojan-activity;sid:84334158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471059)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.s"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471059/; classtype:trojan-activity;sid:84334159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471049)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471049/; classtype:trojan-activity;sid:84334149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471050)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471050/; classtype:trojan-activity;sid:84334150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.213.179.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471048/; classtype:trojan-activity;sid:84334148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.180.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471047/; classtype:trojan-activity;sid:84334147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471046)"; flow:established,from_client; content:"GET"; http_method; content:"/code.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tag.shufflerline.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471046/; classtype:trojan-activity;sid:84334146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"67.214.245.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471045/; classtype:trojan-activity;sid:84334145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.50.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471044/; classtype:trojan-activity;sid:84334144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.243.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471043/; classtype:trojan-activity;sid:84334143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471042/; classtype:trojan-activity;sid:84334142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471041)"; flow:established,from_client; content:"GET"; http_method; content:"/487/ossio.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"172.245.123.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471041/; classtype:trojan-activity;sid:84334141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471039)"; flow:established,from_client; content:"GET"; http_method; content:"/mvsxkjvb3/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.125.50.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471039/; classtype:trojan-activity;sid:84334139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471040)"; flow:established,from_client; content:"GET"; http_method; content:"/mvsxkjvb3/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.125.50.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471040/; classtype:trojan-activity;sid:84334140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.148.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471038/; classtype:trojan-activity;sid:84334138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.194.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471037/; classtype:trojan-activity;sid:84334137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.186.22.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471036/; classtype:trojan-activity;sid:84334136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.245.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471035/; classtype:trojan-activity;sid:84334135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.197.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471034/; classtype:trojan-activity;sid:84334134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.141.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471033/; classtype:trojan-activity;sid:84334133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.228.11.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471032/; classtype:trojan-activity;sid:84334132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471031/; classtype:trojan-activity;sid:84334131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.110.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471030/; classtype:trojan-activity;sid:84334130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.7.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471029/; classtype:trojan-activity;sid:84334129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.196.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471027/; classtype:trojan-activity;sid:84334127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.191.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471028/; classtype:trojan-activity;sid:84334128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.224.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471026/; classtype:trojan-activity;sid:84334126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471025/; classtype:trojan-activity;sid:84334125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471024/; classtype:trojan-activity;sid:84334124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.24.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471023/; classtype:trojan-activity;sid:84334123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.197.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471022/; classtype:trojan-activity;sid:84334122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.10.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471020/; classtype:trojan-activity;sid:84334120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.83.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471021/; classtype:trojan-activity;sid:84334121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.38.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471019/; classtype:trojan-activity;sid:84334119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.49.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471018/; classtype:trojan-activity;sid:84334118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.157.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471017/; classtype:trojan-activity;sid:84334117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.129.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471016/; classtype:trojan-activity;sid:84334116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.228.11.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471015/; classtype:trojan-activity;sid:84334115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.12.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471014/; classtype:trojan-activity;sid:84334114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.239.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471013/; classtype:trojan-activity;sid:84334113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.159.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471012/; classtype:trojan-activity;sid:84334112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.220.145.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471011/; classtype:trojan-activity;sid:84334111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.220.145.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471010/; classtype:trojan-activity;sid:84334110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.191.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471009/; classtype:trojan-activity;sid:84334109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.175.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471008/; classtype:trojan-activity;sid:84334108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.212.157.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471007/; classtype:trojan-activity;sid:84334107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.213.179.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471006/; classtype:trojan-activity;sid:84334106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.186.22.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471005/; classtype:trojan-activity;sid:84334105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471004)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471004/; classtype:trojan-activity;sid:84334104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.24.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471003/; classtype:trojan-activity;sid:84334103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.83.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471002/; classtype:trojan-activity;sid:84334102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.75.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471001/; classtype:trojan-activity;sid:84334101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.10.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3471000/; classtype:trojan-activity;sid:84334100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.12.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470999/; classtype:trojan-activity;sid:84334099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.38.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470998/; classtype:trojan-activity;sid:84334098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.83.119.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470997/; classtype:trojan-activity;sid:84334097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.129.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470996/; classtype:trojan-activity;sid:84334096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.202.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470995/; classtype:trojan-activity;sid:84334095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.38.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470994/; classtype:trojan-activity;sid:84334094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.116.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470993/; classtype:trojan-activity;sid:84334093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.73.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470992/; classtype:trojan-activity;sid:84334092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.134.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470991/; classtype:trojan-activity;sid:84334091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.50.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470990/; classtype:trojan-activity;sid:84334090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.29.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470989/; classtype:trojan-activity;sid:84334089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.148.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470988/; classtype:trojan-activity;sid:84334088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.75.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470987/; classtype:trojan-activity;sid:84334087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.13.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470986/; classtype:trojan-activity;sid:84334086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470984/; classtype:trojan-activity;sid:84334084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470985/; classtype:trojan-activity;sid:84334085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.131.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470983/; classtype:trojan-activity;sid:84334083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.241.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470982/; classtype:trojan-activity;sid:84334082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.131.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470981/; classtype:trojan-activity;sid:84334081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.13.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470980/; classtype:trojan-activity;sid:84334080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.29.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470979/; classtype:trojan-activity;sid:84334079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.239.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470978/; classtype:trojan-activity;sid:84334078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.241.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470977/; classtype:trojan-activity;sid:84334077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.57.173.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470976/; classtype:trojan-activity;sid:84334076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.48.66.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470975/; classtype:trojan-activity;sid:84334075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.230.66.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470971/; classtype:trojan-activity;sid:84334071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470972/; classtype:trojan-activity;sid:84334072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470973/; classtype:trojan-activity;sid:84334073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470974/; classtype:trojan-activity;sid:84334074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.90.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470969/; classtype:trojan-activity;sid:84334069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.147.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470970/; classtype:trojan-activity;sid:84334070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.137.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470968/; classtype:trojan-activity;sid:84334068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.131.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470967/; classtype:trojan-activity;sid:84334067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470965/; classtype:trojan-activity;sid:84334065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470966/; classtype:trojan-activity;sid:84334066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470964/; classtype:trojan-activity;sid:84334064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470962/; classtype:trojan-activity;sid:84334062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.68.56.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470963/; classtype:trojan-activity;sid:84334063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.218.214.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470959/; classtype:trojan-activity;sid:84334059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.134.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470960/; classtype:trojan-activity;sid:84334060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.86.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470961/; classtype:trojan-activity;sid:84334061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.12.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470958/; classtype:trojan-activity;sid:84334058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.59.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470957/; classtype:trojan-activity;sid:84334057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.78.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470956/; classtype:trojan-activity;sid:84334056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.148.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470955/; classtype:trojan-activity;sid:84334055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470954/; classtype:trojan-activity;sid:84334054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.15.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470953/; classtype:trojan-activity;sid:84334053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.187.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470952/; classtype:trojan-activity;sid:84334052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.6.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470951/; classtype:trojan-activity;sid:84334051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.38.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470949/; classtype:trojan-activity;sid:84334049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.13.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470950/; classtype:trojan-activity;sid:84334050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.57.173.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470948/; classtype:trojan-activity;sid:84334048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.171.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470947/; classtype:trojan-activity;sid:84334047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.147.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470946/; classtype:trojan-activity;sid:84334046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.15.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470945/; classtype:trojan-activity;sid:84334045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.228.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470944/; classtype:trojan-activity;sid:84334044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.99.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470943/; classtype:trojan-activity;sid:84334043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.6.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470942/; classtype:trojan-activity;sid:84334042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.8.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470941/; classtype:trojan-activity;sid:84334041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.45.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470940/; classtype:trojan-activity;sid:84334040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.103.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470939/; classtype:trojan-activity;sid:84334039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.135.17.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470937/; classtype:trojan-activity;sid:84334037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.115.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470938/; classtype:trojan-activity;sid:84334038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.73.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470935/; classtype:trojan-activity;sid:84334035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.8.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470936/; classtype:trojan-activity;sid:84334036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.226.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470934/; classtype:trojan-activity;sid:84334034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.8.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470933/; classtype:trojan-activity;sid:84334033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.73.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470932/; classtype:trojan-activity;sid:84334032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.110.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470931/; classtype:trojan-activity;sid:84334031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.78.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470930/; classtype:trojan-activity;sid:84334030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.142.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470929/; classtype:trojan-activity;sid:84334029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.8.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470928/; classtype:trojan-activity;sid:84334028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.133.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470926/; classtype:trojan-activity;sid:84334026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.191.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470927/; classtype:trojan-activity;sid:84334027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.115.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470925/; classtype:trojan-activity;sid:84334025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.29.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470924/; classtype:trojan-activity;sid:84334024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.226.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470923/; classtype:trojan-activity;sid:84334023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.124.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470922/; classtype:trojan-activity;sid:84334022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.8.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470921/; classtype:trojan-activity;sid:84334021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.112.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470920/; classtype:trojan-activity;sid:84334020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.15.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470919/; classtype:trojan-activity;sid:84334019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.135.17.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470918/; classtype:trojan-activity;sid:84334018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.82.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470917/; classtype:trojan-activity;sid:84334017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.167.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470916/; classtype:trojan-activity;sid:84334016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470915/; classtype:trojan-activity;sid:84334015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.165.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470914/; classtype:trojan-activity;sid:84334014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470913/; classtype:trojan-activity;sid:84334013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.186.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470912/; classtype:trojan-activity;sid:84334012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.29.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470911/; classtype:trojan-activity;sid:84334011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.112.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470910/; classtype:trojan-activity;sid:84334010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.142.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470909/; classtype:trojan-activity;sid:84334009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.165.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470908/; classtype:trojan-activity;sid:84334008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.26.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470907/; classtype:trojan-activity;sid:84334007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.220.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470906/; classtype:trojan-activity;sid:84334006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.248.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470904/; classtype:trojan-activity;sid:84334004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.6.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470905/; classtype:trojan-activity;sid:84334005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.148.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470903/; classtype:trojan-activity;sid:84334003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.192.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470902/; classtype:trojan-activity;sid:84334002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.33.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470901/; classtype:trojan-activity;sid:84334001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.124.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470900/; classtype:trojan-activity;sid:84334000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.218.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470899/; classtype:trojan-activity;sid:84333999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.124.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470898/; classtype:trojan-activity;sid:84333998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.104.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470897/; classtype:trojan-activity;sid:84333997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470896/; classtype:trojan-activity;sid:84333996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.148.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470895/; classtype:trojan-activity;sid:84333995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.123.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470894/; classtype:trojan-activity;sid:84333994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.187.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470893/; classtype:trojan-activity;sid:84333993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.143.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470892/; classtype:trojan-activity;sid:84333992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.90.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470890/; classtype:trojan-activity;sid:84333990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.57.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470891/; classtype:trojan-activity;sid:84333991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.240.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470889/; classtype:trojan-activity;sid:84333989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.248.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470888/; classtype:trojan-activity;sid:84333988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.181.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470887/; classtype:trojan-activity;sid:84333987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470886/; classtype:trojan-activity;sid:84333986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.218.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470885/; classtype:trojan-activity;sid:84333985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.6.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470884/; classtype:trojan-activity;sid:84333984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.8.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470883/; classtype:trojan-activity;sid:84333983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.17.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470882/; classtype:trojan-activity;sid:84333982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.104.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470881/; classtype:trojan-activity;sid:84333981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.192.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470880/; classtype:trojan-activity;sid:84333980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.148.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470879/; classtype:trojan-activity;sid:84333979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.98.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470878/; classtype:trojan-activity;sid:84333978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.84.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470877/; classtype:trojan-activity;sid:84333977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.57.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470876/; classtype:trojan-activity;sid:84333976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.153.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470875/; classtype:trojan-activity;sid:84333975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.132.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470874/; classtype:trojan-activity;sid:84333974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.151.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470873/; classtype:trojan-activity;sid:84333973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.59.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470872/; classtype:trojan-activity;sid:84333972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.55.177.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470871/; classtype:trojan-activity;sid:84333971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.253.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470870/; classtype:trojan-activity;sid:84333970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.112.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470869/; classtype:trojan-activity;sid:84333969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.208.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470868/; classtype:trojan-activity;sid:84333968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470867/; classtype:trojan-activity;sid:84333967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.211.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470866/; classtype:trojan-activity;sid:84333966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.98.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470865/; classtype:trojan-activity;sid:84333965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.215.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470864/; classtype:trojan-activity;sid:84333964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.0.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470863/; classtype:trojan-activity;sid:84333963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.235.131.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470862/; classtype:trojan-activity;sid:84333962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470861/; classtype:trojan-activity;sid:84333961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.112.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470860/; classtype:trojan-activity;sid:84333960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.108.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470859/; classtype:trojan-activity;sid:84333959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.153.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470856/; classtype:trojan-activity;sid:84333956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.240.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470857/; classtype:trojan-activity;sid:84333957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.122.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470858/; classtype:trojan-activity;sid:84333958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.35.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470855/; classtype:trojan-activity;sid:84333955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.252.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470853/; classtype:trojan-activity;sid:84333953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.94.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470854/; classtype:trojan-activity;sid:84333954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.59.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_08; reference:url, urlhaus.abuse.ch/url/3470852/; classtype:trojan-activity;sid:84333952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.70.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470851/; classtype:trojan-activity;sid:84333951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470850/; classtype:trojan-activity;sid:84333950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.12.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470849/; classtype:trojan-activity;sid:84333949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.84.215.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470848/; classtype:trojan-activity;sid:84333948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470847)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_disown.mp3"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"u1.puckerlinguist.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470847/; classtype:trojan-activity;sid:84333947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.0.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470846/; classtype:trojan-activity;sid:84333946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.28.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470845/; classtype:trojan-activity;sid:84333945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.116.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470844/; classtype:trojan-activity;sid:84333944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.64.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470843/; classtype:trojan-activity;sid:84333943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.12.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470841/; classtype:trojan-activity;sid:84333941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.53.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470842/; classtype:trojan-activity;sid:84333942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.183.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470840/; classtype:trojan-activity;sid:84333940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.25.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470839/; classtype:trojan-activity;sid:84333939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.108.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470838/; classtype:trojan-activity;sid:84333938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.164.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470837/; classtype:trojan-activity;sid:84333937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.108.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470836/; classtype:trojan-activity;sid:84333936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.64.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470835/; classtype:trojan-activity;sid:84333935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.164.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470834/; classtype:trojan-activity;sid:84333934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.63.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470832/; classtype:trojan-activity;sid:84333932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.151.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470833/; classtype:trojan-activity;sid:84333933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.22.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470831/; classtype:trojan-activity;sid:84333931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.25.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470830/; classtype:trojan-activity;sid:84333930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.128.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470829/; classtype:trojan-activity;sid:84333929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.73.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470828/; classtype:trojan-activity;sid:84333928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.198.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470827/; classtype:trojan-activity;sid:84333927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.165.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470826/; classtype:trojan-activity;sid:84333926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.0.54"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470825/; classtype:trojan-activity;sid:84333925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.255.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470824/; classtype:trojan-activity;sid:84333924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470823/; classtype:trojan-activity;sid:84333923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.211.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470822/; classtype:trojan-activity;sid:84333922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.63.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470821/; classtype:trojan-activity;sid:84333921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.198.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470820/; classtype:trojan-activity;sid:84333920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.22.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470819/; classtype:trojan-activity;sid:84333919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.102.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470818/; classtype:trojan-activity;sid:84333918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.128.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470817/; classtype:trojan-activity;sid:84333917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.122.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470816/; classtype:trojan-activity;sid:84333916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.184.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470815/; classtype:trojan-activity;sid:84333915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.77.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470814/; classtype:trojan-activity;sid:84333914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.102.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470813/; classtype:trojan-activity;sid:84333913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.164.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470812/; classtype:trojan-activity;sid:84333912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.82.189.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470811/; classtype:trojan-activity;sid:84333911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470810/; classtype:trojan-activity;sid:84333910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470809)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_dime.mp3"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"u1.drizzleraving.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470809/; classtype:trojan-activity;sid:84333909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.49.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470808/; classtype:trojan-activity;sid:84333908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.120.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470807/; classtype:trojan-activity;sid:84333907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.77.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470806/; classtype:trojan-activity;sid:84333906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.164.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470805/; classtype:trojan-activity;sid:84333905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.122.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470804/; classtype:trojan-activity;sid:84333904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.184.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470803/; classtype:trojan-activity;sid:84333903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470799)"; flow:established,from_client; content:"GET"; http_method; content:"/a/winutils.ocx"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"208.85.20.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470799/; classtype:trojan-activity;sid:84333899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470800)"; flow:established,from_client; content:"GET"; http_method; content:"/a/052852.ocx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"208.85.20.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470800/; classtype:trojan-activity;sid:84333900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470801)"; flow:established,from_client; content:"GET"; http_method; content:"/a/winutil.ocx"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"208.85.20.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470801/; classtype:trojan-activity;sid:84333901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470802)"; flow:established,from_client; content:"GET"; http_method; content:"/a/chromeutils.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"208.85.20.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470802/; classtype:trojan-activity;sid:84333902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.133.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470798/; classtype:trojan-activity;sid:84333898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.58.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470797/; classtype:trojan-activity;sid:84333897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.244.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470796/; classtype:trojan-activity;sid:84333896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.103.206.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470795/; classtype:trojan-activity;sid:84333895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.85.98.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470794/; classtype:trojan-activity;sid:84333894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470793)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.152.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470793/; classtype:trojan-activity;sid:84333893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470792)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.150.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470792/; classtype:trojan-activity;sid:84333892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470789)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.148.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470789/; classtype:trojan-activity;sid:84333889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470790)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.189.45.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470790/; classtype:trojan-activity;sid:84333890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470791)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.185.85.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470791/; classtype:trojan-activity;sid:84333891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470785)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.1.234.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470785/; classtype:trojan-activity;sid:84333885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470786)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.11.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470786/; classtype:trojan-activity;sid:84333886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470787)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.228.154.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470787/; classtype:trojan-activity;sid:84333887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470788)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.72.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470788/; classtype:trojan-activity;sid:84333888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470780)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.161.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470780/; classtype:trojan-activity;sid:84333880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470781)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.181.236.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470781/; classtype:trojan-activity;sid:84333881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470782)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.143.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470782/; classtype:trojan-activity;sid:84333882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470783)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.44.94.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470783/; classtype:trojan-activity;sid:84333883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470784)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.142.224.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470784/; classtype:trojan-activity;sid:84333884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.12.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470779/; classtype:trojan-activity;sid:84333879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.58.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470778/; classtype:trojan-activity;sid:84333878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.14.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470777/; classtype:trojan-activity;sid:84333877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.120.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470776/; classtype:trojan-activity;sid:84333876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.103.206.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470775/; classtype:trojan-activity;sid:84333875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.28.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470774/; classtype:trojan-activity;sid:84333874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470769/; classtype:trojan-activity;sid:84333869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.115.33.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470770/; classtype:trojan-activity;sid:84333870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.142.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470771/; classtype:trojan-activity;sid:84333871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.250.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470772/; classtype:trojan-activity;sid:84333872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.52.133.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470773/; classtype:trojan-activity;sid:84333873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.153.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470768/; classtype:trojan-activity;sid:84333868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.6.138"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470767/; classtype:trojan-activity;sid:84333867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.104.228.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470766/; classtype:trojan-activity;sid:84333866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.35.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470765/; classtype:trojan-activity;sid:84333865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.159.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470764/; classtype:trojan-activity;sid:84333864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.227.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470763/; classtype:trojan-activity;sid:84333863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.74.120.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470762/; classtype:trojan-activity;sid:84333862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470761/; classtype:trojan-activity;sid:84333861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.89.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470759/; classtype:trojan-activity;sid:84333859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.10.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470760/; classtype:trojan-activity;sid:84333860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.105.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470758/; classtype:trojan-activity;sid:84333858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.175.229.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470757/; classtype:trojan-activity;sid:84333857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.117.30.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470753/; classtype:trojan-activity;sid:84333853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.235.240.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470754/; classtype:trojan-activity;sid:84333854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.183.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470755/; classtype:trojan-activity;sid:84333855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.210.149.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470756/; classtype:trojan-activity;sid:84333856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.190.54.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470750/; classtype:trojan-activity;sid:84333850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.32.164.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470751/; classtype:trojan-activity;sid:84333851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.96.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470752/; classtype:trojan-activity;sid:84333852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.14.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470749/; classtype:trojan-activity;sid:84333849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.11.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470746/; classtype:trojan-activity;sid:84333846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.230.58.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470747/; classtype:trojan-activity;sid:84333847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.183.91.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470748/; classtype:trojan-activity;sid:84333848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.50.84.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470742/; classtype:trojan-activity;sid:84333842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.126.54.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470743/; classtype:trojan-activity;sid:84333843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.109.227.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470744/; classtype:trojan-activity;sid:84333844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.109.227.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470745/; classtype:trojan-activity;sid:84333845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.151.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470741/; classtype:trojan-activity;sid:84333841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.14.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470740/; classtype:trojan-activity;sid:84333840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.240.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470739/; classtype:trojan-activity;sid:84333839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.227.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470737/; classtype:trojan-activity;sid:84333837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470738/; classtype:trojan-activity;sid:84333838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.252.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470736/; classtype:trojan-activity;sid:84333836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470733)"; flow:established,from_client; content:"GET"; http_method; content:"/nioxxy.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"20.229.103.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470733/; classtype:trojan-activity;sid:84333833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470734)"; flow:established,from_client; content:"GET"; http_method; content:"/niox.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.229.103.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470734/; classtype:trojan-activity;sid:84333834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470735)"; flow:established,from_client; content:"GET"; http_method; content:"/nioxclient.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.229.103.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470735/; classtype:trojan-activity;sid:84333835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.89.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470732/; classtype:trojan-activity;sid:84333832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470731)"; flow:established,from_client; content:"GET"; http_method; content:"/nioxclient.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.229.103.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470731/; classtype:trojan-activity;sid:84333831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.134.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470730/; classtype:trojan-activity;sid:84333830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.187.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470729/; classtype:trojan-activity;sid:84333829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.6.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470728/; classtype:trojan-activity;sid:84333828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.10.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470727/; classtype:trojan-activity;sid:84333827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.251.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470726/; classtype:trojan-activity;sid:84333826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.84.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470725/; classtype:trojan-activity;sid:84333825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.252.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470724/; classtype:trojan-activity;sid:84333824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.131.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470723/; classtype:trojan-activity;sid:84333823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.233.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470722/; classtype:trojan-activity;sid:84333822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.254.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470721/; classtype:trojan-activity;sid:84333821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.27.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470720/; classtype:trojan-activity;sid:84333820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.242.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470719/; classtype:trojan-activity;sid:84333819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.254.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470718/; classtype:trojan-activity;sid:84333818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.85.180.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470717/; classtype:trojan-activity;sid:84333817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.183.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470715/; classtype:trojan-activity;sid:84333815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.85.180.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470716/; classtype:trojan-activity;sid:84333816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.82.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470714/; classtype:trojan-activity;sid:84333814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.54.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470713/; classtype:trojan-activity;sid:84333813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.106.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470712/; classtype:trojan-activity;sid:84333812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.249.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470711/; classtype:trojan-activity;sid:84333811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470709)"; flow:established,from_client; content:"GET"; http_method; content:"/wstrb.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"146.185.233.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470709/; classtype:trojan-activity;sid:84333809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470710)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/nv/niceworkingskillwthichbetterperformancefromme.hta"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"172.245.123.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470710/; classtype:trojan-activity;sid:84333810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.125.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470708/; classtype:trojan-activity;sid:84333808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470707)"; flow:established,from_client; content:"GET"; http_method; content:"/comp.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.19.131.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470707/; classtype:trojan-activity;sid:84333807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470706)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kk/ll.hta"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"141.98.10.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470706/; classtype:trojan-activity;sid:84333806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.240.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470705/; classtype:trojan-activity;sid:84333805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470704)"; flow:established,from_client; content:"GET"; http_method; content:"/452/nicegirlwanttokissingmylipswithnicely.hta"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"23.95.235.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470704/; classtype:trojan-activity;sid:84333804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470703)"; flow:established,from_client; content:"GET"; http_method; content:"/siarhei_korbut_-_salary.mp3"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"u1.puckerlinguist.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470703/; classtype:trojan-activity;sid:84333803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.254.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470702/; classtype:trojan-activity;sid:84333802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.29.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470701/; classtype:trojan-activity;sid:84333801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.165.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470700/; classtype:trojan-activity;sid:84333800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.73.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470699/; classtype:trojan-activity;sid:84333799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.242.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470698/; classtype:trojan-activity;sid:84333798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470697)"; flow:established,from_client; content:"GET"; http_method; content:"/35/hkcmd.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"141.98.10.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470697/; classtype:trojan-activity;sid:84333797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.10.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470696/; classtype:trojan-activity;sid:84333796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.183.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470695/; classtype:trojan-activity;sid:84333795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.8.208"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470694/; classtype:trojan-activity;sid:84333794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.242.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470693/; classtype:trojan-activity;sid:84333793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470692)"; flow:established,from_client; content:"GET"; http_method; content:"/murker.lpk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pendeliveryhl.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470692/; classtype:trojan-activity;sid:84333792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470691)"; flow:established,from_client; content:"GET"; http_method; content:"/zpoxpi208.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pendeliveryhl.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470691/; classtype:trojan-activity;sid:84333791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.2.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470690/; classtype:trojan-activity;sid:84333790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470689)"; flow:established,from_client; content:"GET"; http_method; content:"/rdakwa/raw/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.pastery.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470689/; classtype:trojan-activity;sid:84333789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470687)"; flow:established,from_client; content:"GET"; http_method; content:"/images/screentime.vbs"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"growthinsightit.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470687/; classtype:trojan-activity;sid:84333787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470688)"; flow:established,from_client; content:"GET"; http_method; content:"/images/streamfarms.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"growthinsightit.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470688/; classtype:trojan-activity;sid:84333788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.54.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470686/; classtype:trojan-activity;sid:84333786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.84.214.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470685/; classtype:trojan-activity;sid:84333785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470684)"; flow:established,from_client; content:"GET"; http_method; content:"/download/6b4cc14c9c6445989353e73e97374f17.txt"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"87.121.79.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470684/; classtype:trojan-activity;sid:84333784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470683)"; flow:established,from_client; content:"GET"; http_method; content:"/f/precovery.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"pulseon.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470683/; classtype:trojan-activity;sid:84333783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470682)"; flow:established,from_client; content:"GET"; http_method; content:"/f/packed.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pulseon.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470682/; classtype:trojan-activity;sid:84333782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470681)"; flow:established,from_client; content:"GET"; http_method; content:"/f/putty.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pulseon.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470681/; classtype:trojan-activity;sid:84333781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470680)"; flow:established,from_client; content:"GET"; http_method; content:"//kj2h34kj23h4/sqlite3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"dugong.ydns.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470680/; classtype:trojan-activity;sid:84333780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.166.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470678/; classtype:trojan-activity;sid:84333778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470679)"; flow:established,from_client; content:"GET"; http_method; content:"//kj2h34kj23h4/freebl3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"dugong.ydns.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470679/; classtype:trojan-activity;sid:84333779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.73.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470676/; classtype:trojan-activity;sid:84333776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.86.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470677/; classtype:trojan-activity;sid:84333777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.29.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470675/; classtype:trojan-activity;sid:84333775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.86.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470674/; classtype:trojan-activity;sid:84333774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.242.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470673/; classtype:trojan-activity;sid:84333773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.156.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470672/; classtype:trojan-activity;sid:84333772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470671)"; flow:established,from_client; content:"GET"; http_method; content:"/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1728896464326/4.txt"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"fs-im-kefu.7moor-fs1.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470671/; classtype:trojan-activity;sid:84333771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470670)"; flow:established,from_client; content:"GET"; http_method; content:"/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1741169086388/3.txt"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"fs-im-kefu.7moor-fs1.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470670/; classtype:trojan-activity;sid:84333770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470669)"; flow:established,from_client; content:"GET"; http_method; content:"/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1741169086388/4.txt"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"fs-im-kefu.7moor-fs1.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470669/; classtype:trojan-activity;sid:84333769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470668)"; flow:established,from_client; content:"GET"; http_method; content:"/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1741001373486/7.txt"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"fs-im-kefu.7moor-fs1.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470668/; classtype:trojan-activity;sid:84333768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.82.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470667/; classtype:trojan-activity;sid:84333767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.8.208"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470666/; classtype:trojan-activity;sid:84333766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470665)"; flow:established,from_client; content:"GET"; http_method; content:"/pol"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pqoqllalll.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470665/; classtype:trojan-activity;sid:84333765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470664)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7501756902/pqkvdtx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470664/; classtype:trojan-activity;sid:84333764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470663)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5526411762/yui6f6c.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470663/; classtype:trojan-activity;sid:84333763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470658)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7853925217/ogfnbjs.ps1"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470658/; classtype:trojan-activity;sid:84333758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470659)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7821444099/miri3a9.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470659/; classtype:trojan-activity;sid:84333759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470660)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7222648325/2qv26zf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470660/; classtype:trojan-activity;sid:84333760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470661)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6491397189/t0qdo0l.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470661/; classtype:trojan-activity;sid:84333761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470662)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6605089922/7i2bmnf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470662/; classtype:trojan-activity;sid:84333762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470657)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2043702969/gjthraj.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470657/; classtype:trojan-activity;sid:84333757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.165.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470656/; classtype:trojan-activity;sid:84333756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.94.215.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470655/; classtype:trojan-activity;sid:84333755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.2.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470654/; classtype:trojan-activity;sid:84333754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.156.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470653/; classtype:trojan-activity;sid:84333753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.76.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470651/; classtype:trojan-activity;sid:84333751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.71.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470652/; classtype:trojan-activity;sid:84333752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.145.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470650/; classtype:trojan-activity;sid:84333750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.51.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470649/; classtype:trojan-activity;sid:84333749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.250.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470648/; classtype:trojan-activity;sid:84333748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.208.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470647/; classtype:trojan-activity;sid:84333747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.89.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470646/; classtype:trojan-activity;sid:84333746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470645)"; flow:established,from_client; content:"GET"; http_method; content:"/001.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.168.28.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470645/; classtype:trojan-activity;sid:84333745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.141.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470644/; classtype:trojan-activity;sid:84333744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470643)"; flow:established,from_client; content:"GET"; http_method; content:"/data/001"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"104.168.28.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470643/; classtype:trojan-activity;sid:84333743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470642)"; flow:established,from_client; content:"GET"; http_method; content:"/003/01/inst.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"104.168.28.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470642/; classtype:trojan-activity;sid:84333742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.71.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470641/; classtype:trojan-activity;sid:84333741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.108.98.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470640/; classtype:trojan-activity;sid:84333740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.45.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470639/; classtype:trojan-activity;sid:84333739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.183.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470638/; classtype:trojan-activity;sid:84333738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470637/; classtype:trojan-activity;sid:84333737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.66.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470635/; classtype:trojan-activity;sid:84333735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470633)"; flow:established,from_client; content:"GET"; http_method; content:"/files/dinnmamunms/cubrodriver.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.59.120.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470633/; classtype:trojan-activity;sid:84333733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.135.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470634/; classtype:trojan-activity;sid:84333734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.250.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470632/; classtype:trojan-activity;sid:84333732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470631)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6691015685/v0bt74c.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470631/; classtype:trojan-activity;sid:84333731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470628)"; flow:established,from_client; content:"GET"; http_method; content:"/rms.msi|3f|sn=65"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"floatnightlife.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470628/; classtype:trojan-activity;sid:84333728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470627)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/files.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"angelcheats.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470627/; classtype:trojan-activity;sid:84333727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.135.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470625/; classtype:trojan-activity;sid:84333725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470623)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/fdfdsffds/releases/download/fgdfgfdg/screenconnect.clientsetup_2.exe"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470623/; classtype:trojan-activity;sid:84333723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470622)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/ksdjfkjdsf/releases/download/fdfsdfdsfds/capt1cha.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470622/; classtype:trojan-activity;sid:84333722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470620)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/dfsfdsfdsfds/releases/download/dfsfsdfds/begin.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470620/; classtype:trojan-activity;sid:84333720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470621)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/dsfksdfkds/releases/download/dsfdsfdsdf/xmztsvye_l10_wix4_dash.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470621/; classtype:trojan-activity;sid:84333721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470603)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/dsfsdfs/releases/download/dfsfdsdfsfds/calcvaults.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470603/; classtype:trojan-activity;sid:84333703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470604)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/dsfsdffds/releases/download/fdsfsfdfdsdfs/alex12312.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470604/; classtype:trojan-activity;sid:84333704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470605)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/ewfksdlfmv/releases/download/dsfdsfds/gold.rim.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470605/; classtype:trojan-activity;sid:84333705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470606)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/fdfsdfdssfd/releases/download/dfsdfsdfsdsf/fher.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470606/; classtype:trojan-activity;sid:84333706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470607)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/sdfsdffdsdfs/releases/download/dsffdsdfsdfs/alex122121.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470607/; classtype:trojan-activity;sid:84333707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470608)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/dfsfsdfsd/releases/download/dsfsdfdfsfsd/cronikxqqq.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470608/; classtype:trojan-activity;sid:84333708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470609)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/dsfdfsfdsfdsfdsfds/releases/download/dsfjdfjsdfjsdfs/chromeupdate.exe"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470609/; classtype:trojan-activity;sid:84333709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470610)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/fedsfdsfds/releases/download/dsfdsfdfsdfs/alex1213321.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470610/; classtype:trojan-activity;sid:84333710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470611)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/fsddfsdfsdfsdfsfds/releases/download/sdfdfsdsfdsf/fuck122112.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470611/; classtype:trojan-activity;sid:84333711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470612)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/fsdfdsfds/releases/download/sdffdsfsddfs/alex12112.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470612/; classtype:trojan-activity;sid:84333712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470613)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/sdffdsfdssd/releases/download/sdffdfdsfd/alex.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470613/; classtype:trojan-activity;sid:84333713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470614)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/dfsdffdsfs/releases/download/fsdfssfdsdf/lead.upload.report.feb.2025.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470614/; classtype:trojan-activity;sid:84333714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470615)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/fdsfsdfdsfds/releases/download/dfsfdsfdsdsf/con12312211221.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470615/; classtype:trojan-activity;sid:84333715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470616)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/dfsfdsfdsfds12/releases/download/dsfdsasasasa/done12312.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470616/; classtype:trojan-activity;sid:84333716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470617)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/saffsfsd/releases/download/dsffdssff/12321321.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470617/; classtype:trojan-activity;sid:84333717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470618)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/edffsdfds/releases/download/fsdfdsdfs/alex111111.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470618/; classtype:trojan-activity;sid:84333718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470619)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/sdfdsfdsfdsfds/releases/download/sdffdsfdssfdfsdfddfs/valorant_esp_aimbot.exe"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470619/; classtype:trojan-activity;sid:84333719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470600)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5153162918/pwhxmty.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470600/; classtype:trojan-activity;sid:84333700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470601)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7563570503/skf7if4.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470601/; classtype:trojan-activity;sid:84333701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470602)"; flow:established,from_client; content:"GET"; http_method; content:"/legendary99999/llllll/releases/download/kkkkkk/metatrader.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470602/; classtype:trojan-activity;sid:84333702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470598)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1644719861/sqvwjvh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470598/; classtype:trojan-activity;sid:84333698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470599)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5526411762/cgmat61.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470599/; classtype:trojan-activity;sid:84333699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470597)"; flow:established,from_client; content:"GET"; http_method; content:"/file/bot7446828960:aaekc-o_ddrgi8yyko2bp5lrb5ceoyxbg8w/documents/file_3.bin"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"api.telegram.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470597/; classtype:trojan-activity;sid:84333697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470596)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2043702969/gjthraj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470596/; classtype:trojan-activity;sid:84333696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.55.177.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470595/; classtype:trojan-activity;sid:84333695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.98.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470594/; classtype:trojan-activity;sid:84333694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470593)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/ypaawgbx1kq03oh/lilac.mp3/file"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470593/; classtype:trojan-activity;sid:84333693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.37.122.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470592/; classtype:trojan-activity;sid:84333692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.49.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470591/; classtype:trojan-activity;sid:84333691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.49.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470590/; classtype:trojan-activity;sid:84333690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.48.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470589/; classtype:trojan-activity;sid:84333689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.234.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470588/; classtype:trojan-activity;sid:84333688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.206.75.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470587/; classtype:trojan-activity;sid:84333687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.183.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470586/; classtype:trojan-activity;sid:84333686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.5.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470585/; classtype:trojan-activity;sid:84333685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.159.17.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470584/; classtype:trojan-activity;sid:84333684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.168.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470583/; classtype:trojan-activity;sid:84333683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.33.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470582/; classtype:trojan-activity;sid:84333682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.80.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470581/; classtype:trojan-activity;sid:84333681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.37.122.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470580/; classtype:trojan-activity;sid:84333680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.67.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470579/; classtype:trojan-activity;sid:84333679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.159.17.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470578/; classtype:trojan-activity;sid:84333678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.156.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470577/; classtype:trojan-activity;sid:84333677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.212.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470576/; classtype:trojan-activity;sid:84333676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470575/; classtype:trojan-activity;sid:84333675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.234.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470574/; classtype:trojan-activity;sid:84333674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.235.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470572/; classtype:trojan-activity;sid:84333672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470573/; classtype:trojan-activity;sid:84333673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.212.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470571/; classtype:trojan-activity;sid:84333671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.112.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470570/; classtype:trojan-activity;sid:84333670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470569/; classtype:trojan-activity;sid:84333669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.22.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470568/; classtype:trojan-activity;sid:84333668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.164.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470567/; classtype:trojan-activity;sid:84333667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.68.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470566/; classtype:trojan-activity;sid:84333666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.134.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470565/; classtype:trojan-activity;sid:84333665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.214.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470564/; classtype:trojan-activity;sid:84333664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.171.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470563/; classtype:trojan-activity;sid:84333663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.11.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470562/; classtype:trojan-activity;sid:84333662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470561)"; flow:established,from_client; content:"GET"; http_method; content:"/10.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.202.233.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470561/; classtype:trojan-activity;sid:84333661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470560)"; flow:established,from_client; content:"GET"; http_method; content:"/18m4una2mq.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.164.4.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470560/; classtype:trojan-activity;sid:84333660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470558)"; flow:established,from_client; content:"GET"; http_method; content:"/bjhppxfey5.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.164.4.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470558/; classtype:trojan-activity;sid:84333658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.68.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470559/; classtype:trojan-activity;sid:84333659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470557)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsauthost.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"32e7ca523408.vps.myjino.ru"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470557/; classtype:trojan-activity;sid:84333657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470556)"; flow:established,from_client; content:"GET"; http_method; content:"/ahsnnnqa/trafer2.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"detool5g.beget.tech"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470556/; classtype:trojan-activity;sid:84333656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470555)"; flow:established,from_client; content:"GET"; http_method; content:"/ahsnnnqa/mainstl.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"detool5g.beget.tech"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470555/; classtype:trojan-activity;sid:84333655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.137.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470554/; classtype:trojan-activity;sid:84333654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470553)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/conn.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470553/; classtype:trojan-activity;sid:84333653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470551)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/freak.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470551/; classtype:trojan-activity;sid:84333651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470552)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/emma.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470552/; classtype:trojan-activity;sid:84333652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.123.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470547/; classtype:trojan-activity;sid:84333647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470548)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/devil.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470548/; classtype:trojan-activity;sid:84333648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470549)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/money.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470549/; classtype:trojan-activity;sid:84333649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470550)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/vik.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470550/; classtype:trojan-activity;sid:84333650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470546)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/ps1.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470546/; classtype:trojan-activity;sid:84333646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470545)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/dressman.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470545/; classtype:trojan-activity;sid:84333645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470543)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/converter.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470543/; classtype:trojan-activity;sid:84333643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470544)"; flow:established,from_client; content:"GET"; http_method; content:"/crypt/hustle.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"147.124.213.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470544/; classtype:trojan-activity;sid:84333644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.197.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470542/; classtype:trojan-activity;sid:84333642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470541)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.vadom.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470541/; classtype:trojan-activity;sid:84333641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.171.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470540/; classtype:trojan-activity;sid:84333640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470539)"; flow:established,from_client; content:"GET"; http_method; content:"/qzzaqffd/epgfv132.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"chneiu.icu"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470539/; classtype:trojan-activity;sid:84333639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.134.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470538/; classtype:trojan-activity;sid:84333638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.197.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470537/; classtype:trojan-activity;sid:84333637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470536)"; flow:established,from_client; content:"GET"; http_method; content:"/bmwxmrig/xmrig.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"bmw4i428.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470536/; classtype:trojan-activity;sid:84333636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470535)"; flow:established,from_client; content:"GET"; http_method; content:"/bmwxmrig/winring0x64.sys"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bmw4i428.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470535/; classtype:trojan-activity;sid:84333635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.123.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470534/; classtype:trojan-activity;sid:84333634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.20.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470533/; classtype:trojan-activity;sid:84333633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.8.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470532/; classtype:trojan-activity;sid:84333632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470531)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.mepum.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470531/; classtype:trojan-activity;sid:84333631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470530)"; flow:established,from_client; content:"GET"; http_method; content:"/georgefloyd.bat"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cf-prod-cap.cfd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470530/; classtype:trojan-activity;sid:84333630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470528)"; flow:established,from_client; content:"GET"; http_method; content:"/cf_verif.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cf-prod-cap.cfd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470528/; classtype:trojan-activity;sid:84333628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470529)"; flow:established,from_client; content:"GET"; http_method; content:"/aliu1.ps1"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cf-prod-cap.cfd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470529/; classtype:trojan-activity;sid:84333629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.73.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470526/; classtype:trojan-activity;sid:84333626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.22.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470525/; classtype:trojan-activity;sid:84333625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.12.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470524/; classtype:trojan-activity;sid:84333624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.119.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470522/; classtype:trojan-activity;sid:84333622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.1.202"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470523/; classtype:trojan-activity;sid:84333623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.60.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470521/; classtype:trojan-activity;sid:84333621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.98.36.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470518/; classtype:trojan-activity;sid:84333618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.73.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470519/; classtype:trojan-activity;sid:84333619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.243.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470520/; classtype:trojan-activity;sid:84333620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470516/; classtype:trojan-activity;sid:84333616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.233.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470517/; classtype:trojan-activity;sid:84333617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.120.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470515/; classtype:trojan-activity;sid:84333615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470514/; classtype:trojan-activity;sid:84333614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470512)"; flow:established,from_client; content:"GET"; http_method; content:"/studio.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.23.98.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470512/; classtype:trojan-activity;sid:84333612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470513)"; flow:established,from_client; content:"GET"; http_method; content:"/panoramastudio.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.23.98.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470513/; classtype:trojan-activity;sid:84333613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.197.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470511/; classtype:trojan-activity;sid:84333611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"149.255.13.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470507/; classtype:trojan-activity;sid:84333607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.161.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470508/; classtype:trojan-activity;sid:84333608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.188.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470509/; classtype:trojan-activity;sid:84333609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.6.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470510/; classtype:trojan-activity;sid:84333610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.103.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470506/; classtype:trojan-activity;sid:84333606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.8.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470505/; classtype:trojan-activity;sid:84333605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470503)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/qbezz.pdf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470503/; classtype:trojan-activity;sid:84333603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470504)"; flow:established,from_client; content:"GET"; http_method; content:"/nby/trwghbkmqbw.dat"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470504/; classtype:trojan-activity;sid:84333604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470502)"; flow:established,from_client; content:"GET"; http_method; content:"/nby/rebspn.dat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470502/; classtype:trojan-activity;sid:84333602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470501)"; flow:established,from_client; content:"GET"; http_method; content:"/ugkflqrnkm95.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mirok.click"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470501/; classtype:trojan-activity;sid:84333601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470500)"; flow:established,from_client; content:"GET"; http_method; content:"/ftbjypzloqq40.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.92.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470500/; classtype:trojan-activity;sid:84333600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.68.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470498/; classtype:trojan-activity;sid:84333598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.22.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470499/; classtype:trojan-activity;sid:84333599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.68.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470497/; classtype:trojan-activity;sid:84333597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.73.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470496/; classtype:trojan-activity;sid:84333596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.225.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470494/; classtype:trojan-activity;sid:84333594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.97.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470495/; classtype:trojan-activity;sid:84333595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.12.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470493/; classtype:trojan-activity;sid:84333593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.22.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470492/; classtype:trojan-activity;sid:84333592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.171.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470491/; classtype:trojan-activity;sid:84333591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.129.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470490/; classtype:trojan-activity;sid:84333590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.233.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470489/; classtype:trojan-activity;sid:84333589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.185.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470488/; classtype:trojan-activity;sid:84333588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.97.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470487/; classtype:trojan-activity;sid:84333587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.74.120.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470486/; classtype:trojan-activity;sid:84333586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470485)"; flow:established,from_client; content:"GET"; http_method; content:"/bdc2be5bddda548dec3c2d88464a698627ac9447aae621d8.wks"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"u1.wildnessreflected.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470485/; classtype:trojan-activity;sid:84333585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.92.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470484/; classtype:trojan-activity;sid:84333584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.225.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470483/; classtype:trojan-activity;sid:84333583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.233.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470482/; classtype:trojan-activity;sid:84333582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.249.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470480/; classtype:trojan-activity;sid:84333580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.52.133.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470481/; classtype:trojan-activity;sid:84333581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470479)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470479/; classtype:trojan-activity;sid:84333579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.40.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470477/; classtype:trojan-activity;sid:84333577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.76.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470478/; classtype:trojan-activity;sid:84333578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470476)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.81.68.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470476/; classtype:trojan-activity;sid:84333576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.185.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470475/; classtype:trojan-activity;sid:84333575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.28.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470474/; classtype:trojan-activity;sid:84333574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.59.119.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470473/; classtype:trojan-activity;sid:84333573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.180.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470472/; classtype:trojan-activity;sid:84333572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470471)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.93.20.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470471/; classtype:trojan-activity;sid:84333571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470469)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.jipaf.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470469/; classtype:trojan-activity;sid:84333569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.25.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470470/; classtype:trojan-activity;sid:84333570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.253.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470468/; classtype:trojan-activity;sid:84333568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470467/; classtype:trojan-activity;sid:84333567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.225.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470466/; classtype:trojan-activity;sid:84333566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.40.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470465/; classtype:trojan-activity;sid:84333565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470464)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.100.37.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470464/; classtype:trojan-activity;sid:84333564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470463)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/j17e9ti9ao645wk/after_work.mp3/file"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470463/; classtype:trojan-activity;sid:84333563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470462)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/blah.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470462/; classtype:trojan-activity;sid:84333562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470451)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/blah.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470451/; classtype:trojan-activity;sid:84333551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470452)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/blah.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470452/; classtype:trojan-activity;sid:84333552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470453)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/blah.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470453/; classtype:trojan-activity;sid:84333553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470454)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/blah.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470454/; classtype:trojan-activity;sid:84333554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470455)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/blah.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470455/; classtype:trojan-activity;sid:84333555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470456)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/blah.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470456/; classtype:trojan-activity;sid:84333556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470457)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/blah.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470457/; classtype:trojan-activity;sid:84333557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470458)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/blah.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470458/; classtype:trojan-activity;sid:84333558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470459)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/blah.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470459/; classtype:trojan-activity;sid:84333559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470460)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/blah.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470460/; classtype:trojan-activity;sid:84333560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470461)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/blah.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470461/; classtype:trojan-activity;sid:84333561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470450)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/blah.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470450/; classtype:trojan-activity;sid:84333550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470448)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.100.37.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470448/; classtype:trojan-activity;sid:84333548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470449)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/blah.i468"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470449/; classtype:trojan-activity;sid:84333549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470446)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr/blah.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"160.191.245.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470446/; classtype:trojan-activity;sid:84333546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470447)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.100.37.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470447/; classtype:trojan-activity;sid:84333547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470445)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.100.37.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470445/; classtype:trojan-activity;sid:84333545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470444)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.100.37.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470444/; classtype:trojan-activity;sid:84333544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470436)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.100.37.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470436/; classtype:trojan-activity;sid:84333536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470437)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.100.37.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470437/; classtype:trojan-activity;sid:84333537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470438)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.100.37.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470438/; classtype:trojan-activity;sid:84333538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470439)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.100.37.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470439/; classtype:trojan-activity;sid:84333539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470440)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.100.37.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470440/; classtype:trojan-activity;sid:84333540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470441)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.100.37.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470441/; classtype:trojan-activity;sid:84333541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470442)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.100.37.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470442/; classtype:trojan-activity;sid:84333542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470443)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.100.37.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470443/; classtype:trojan-activity;sid:84333543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470435)"; flow:established,from_client; content:"GET"; http_method; content:"/rt.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.255.85.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470435/; classtype:trojan-activity;sid:84333535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470434)"; flow:established,from_client; content:"GET"; http_method; content:"/htdocs.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.212.166.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470434/; classtype:trojan-activity;sid:84333534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.32.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470433/; classtype:trojan-activity;sid:84333533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.67.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470432/; classtype:trojan-activity;sid:84333532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.52.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470431/; classtype:trojan-activity;sid:84333531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.25.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470430/; classtype:trojan-activity;sid:84333530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.50.70.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470429/; classtype:trojan-activity;sid:84333529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.76.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470428/; classtype:trojan-activity;sid:84333528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470427)"; flow:established,from_client; content:"GET"; http_method; content:"/a.mp4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.7.214.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470427/; classtype:trojan-activity;sid:84333527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470425)"; flow:established,from_client; content:"GET"; http_method; content:"/cmd.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.7.214.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470425/; classtype:trojan-activity;sid:84333525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470426)"; flow:established,from_client; content:"GET"; http_method; content:"/b.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.7.214.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470426/; classtype:trojan-activity;sid:84333526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470423)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.42.12.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470423/; classtype:trojan-activity;sid:84333523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.71.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470422/; classtype:trojan-activity;sid:84333522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470416)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.202.233.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470416/; classtype:trojan-activity;sid:84333516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470417)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.202.233.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470417/; classtype:trojan-activity;sid:84333517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470418)"; flow:established,from_client; content:"GET"; http_method; content:"/4.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.202.233.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470418/; classtype:trojan-activity;sid:84333518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470419)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.202.233.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470419/; classtype:trojan-activity;sid:84333519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470420)"; flow:established,from_client; content:"GET"; http_method; content:"/8.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.202.233.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470420/; classtype:trojan-activity;sid:84333520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470421)"; flow:established,from_client; content:"GET"; http_method; content:"/we.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.7.214.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470421/; classtype:trojan-activity;sid:84333521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.201.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470414/; classtype:trojan-activity;sid:84333514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.168.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470415/; classtype:trojan-activity;sid:84333515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.21.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470413/; classtype:trojan-activity;sid:84333513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.67.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470412/; classtype:trojan-activity;sid:84333512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.71.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470411/; classtype:trojan-activity;sid:84333511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.28.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470410/; classtype:trojan-activity;sid:84333510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.24.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470409/; classtype:trojan-activity;sid:84333509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.156.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470407/; classtype:trojan-activity;sid:84333507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.201.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470408/; classtype:trojan-activity;sid:84333508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.45.56.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470406/; classtype:trojan-activity;sid:84333506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.168.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470405/; classtype:trojan-activity;sid:84333505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.21.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470404/; classtype:trojan-activity;sid:84333504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470403)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.jemyq.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470403/; classtype:trojan-activity;sid:84333503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.27.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470402/; classtype:trojan-activity;sid:84333502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.202.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470401/; classtype:trojan-activity;sid:84333501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.240.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470400/; classtype:trojan-activity;sid:84333500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.131.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470399/; classtype:trojan-activity;sid:84333499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.228.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470398/; classtype:trojan-activity;sid:84333498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.240.37.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470397/; classtype:trojan-activity;sid:84333497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470396)"; flow:established,from_client; content:"GET"; http_method; content:"/0x83911d24fx.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.100.37.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470396/; classtype:trojan-activity;sid:84333496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470395/; classtype:trojan-activity;sid:84333495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.131.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470394/; classtype:trojan-activity;sid:84333494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.27.43.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470393/; classtype:trojan-activity;sid:84333493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.226.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470392/; classtype:trojan-activity;sid:84333492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.41.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470391/; classtype:trojan-activity;sid:84333491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.149.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470390/; classtype:trojan-activity;sid:84333490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.81.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470389/; classtype:trojan-activity;sid:84333489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.240.37.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470388/; classtype:trojan-activity;sid:84333488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.214.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470387/; classtype:trojan-activity;sid:84333487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.161.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470386/; classtype:trojan-activity;sid:84333486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470385/; classtype:trojan-activity;sid:84333485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.27.43.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470384/; classtype:trojan-activity;sid:84333484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.225.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470383/; classtype:trojan-activity;sid:84333483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.209.78.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470381/; classtype:trojan-activity;sid:84333481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.38.248.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470382/; classtype:trojan-activity;sid:84333482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470375/; classtype:trojan-activity;sid:84333475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.99.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470376/; classtype:trojan-activity;sid:84333476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470377/; classtype:trojan-activity;sid:84333477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.209.47.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470378/; classtype:trojan-activity;sid:84333478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470379/; classtype:trojan-activity;sid:84333479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.53.229.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470380/; classtype:trojan-activity;sid:84333480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470374/; classtype:trojan-activity;sid:84333474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.130.77.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470373/; classtype:trojan-activity;sid:84333473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470371)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.130.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470371/; classtype:trojan-activity;sid:84333471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.169.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470372/; classtype:trojan-activity;sid:84333472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.119.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470370/; classtype:trojan-activity;sid:84333470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.103.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470369/; classtype:trojan-activity;sid:84333469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.84.139.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470368/; classtype:trojan-activity;sid:84333468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.38.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470367/; classtype:trojan-activity;sid:84333467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470366)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.49.65.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470366/; classtype:trojan-activity;sid:84333466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.226.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470365/; classtype:trojan-activity;sid:84333465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.11.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470364/; classtype:trojan-activity;sid:84333464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.24.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470362/; classtype:trojan-activity;sid:84333462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.92.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470363/; classtype:trojan-activity;sid:84333463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.81.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470361/; classtype:trojan-activity;sid:84333461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.130.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470360/; classtype:trojan-activity;sid:84333460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470359/; classtype:trojan-activity;sid:84333459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.41.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470358/; classtype:trojan-activity;sid:84333458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.205.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470357/; classtype:trojan-activity;sid:84333457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.84.139.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470356/; classtype:trojan-activity;sid:84333456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.226.198.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470355/; classtype:trojan-activity;sid:84333455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.182.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470354/; classtype:trojan-activity;sid:84333454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470353/; classtype:trojan-activity;sid:84333453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.146.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470352/; classtype:trojan-activity;sid:84333452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.86.7.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470351/; classtype:trojan-activity;sid:84333451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470350)"; flow:established,from_client; content:"GET"; http_method; content:"/studiolegaleetributario"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t2m.io"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470350/; classtype:trojan-activity;sid:84333450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.154.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470349/; classtype:trojan-activity;sid:84333449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.145.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470348/; classtype:trojan-activity;sid:84333448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470347)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.47.106.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470347/; classtype:trojan-activity;sid:84333447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.222.240.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470346/; classtype:trojan-activity;sid:84333446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.154.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470345/; classtype:trojan-activity;sid:84333445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.170.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470344/; classtype:trojan-activity;sid:84333444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.86.7.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470343/; classtype:trojan-activity;sid:84333443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.243.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470342/; classtype:trojan-activity;sid:84333442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.252.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470341/; classtype:trojan-activity;sid:84333441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.77.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470340/; classtype:trojan-activity;sid:84333440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.145.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470338/; classtype:trojan-activity;sid:84333438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.74.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470339/; classtype:trojan-activity;sid:84333439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470336/; classtype:trojan-activity;sid:84333436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.192.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470337/; classtype:trojan-activity;sid:84333437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470335/; classtype:trojan-activity;sid:84333435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.49.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470334/; classtype:trojan-activity;sid:84333434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.110.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470330/; classtype:trojan-activity;sid:84333430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.91.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470331/; classtype:trojan-activity;sid:84333431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.11.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470332/; classtype:trojan-activity;sid:84333432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.191.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470333/; classtype:trojan-activity;sid:84333433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.177.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470329/; classtype:trojan-activity;sid:84333429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.1.243"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470328/; classtype:trojan-activity;sid:84333428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.77.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470327/; classtype:trojan-activity;sid:84333427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.111.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470326/; classtype:trojan-activity;sid:84333426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.170.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470325/; classtype:trojan-activity;sid:84333425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.83.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470324/; classtype:trojan-activity;sid:84333424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.163.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470323/; classtype:trojan-activity;sid:84333423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.252.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470322/; classtype:trojan-activity;sid:84333422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.55.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470321/; classtype:trojan-activity;sid:84333421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.65.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470320/; classtype:trojan-activity;sid:84333420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.102.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470319/; classtype:trojan-activity;sid:84333419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.192.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470318/; classtype:trojan-activity;sid:84333418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.6.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470317/; classtype:trojan-activity;sid:84333417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.111.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470316/; classtype:trojan-activity;sid:84333416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.224.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470315/; classtype:trojan-activity;sid:84333415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.96.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470313/; classtype:trojan-activity;sid:84333413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.186.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470314/; classtype:trojan-activity;sid:84333414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.1.243"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470312/; classtype:trojan-activity;sid:84333412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.74.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470311/; classtype:trojan-activity;sid:84333411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.6.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470310/; classtype:trojan-activity;sid:84333410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.236.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470309/; classtype:trojan-activity;sid:84333409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470308)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/09t3n35ofskitjw/after_work.mp3/file"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470308/; classtype:trojan-activity;sid:84333408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.96.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470307/; classtype:trojan-activity;sid:84333407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.252.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470305/; classtype:trojan-activity;sid:84333405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.119.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470306/; classtype:trojan-activity;sid:84333406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.176.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470303/; classtype:trojan-activity;sid:84333403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.65.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470304/; classtype:trojan-activity;sid:84333404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470302)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/clbq95q0kptendvip1metel6jcdhrips_b-55xqv03u-mbsmx6iaa38ts2w3auopsqejldt7-zwp4j6u8as4hunlqc-sri6edhfeqfrupxt4ossnej9qxoi5g8xkudj2w5uqoohw2umlhkmsieammkyv/file|3f|dl=1"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"uceb210080a328d19c1333923340.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470302/; classtype:trojan-activity;sid:84333402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.185.199.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470301/; classtype:trojan-activity;sid:84333401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.224.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470300/; classtype:trojan-activity;sid:84333400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.233.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470299/; classtype:trojan-activity;sid:84333399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.144.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470298/; classtype:trojan-activity;sid:84333398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.83.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470297/; classtype:trojan-activity;sid:84333397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.236.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470296/; classtype:trojan-activity;sid:84333396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.138.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470295/; classtype:trojan-activity;sid:84333395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.78.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470294/; classtype:trojan-activity;sid:84333394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.239.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470293/; classtype:trojan-activity;sid:84333393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.214.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470292/; classtype:trojan-activity;sid:84333392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.134.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470291/; classtype:trojan-activity;sid:84333391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.67.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470290/; classtype:trojan-activity;sid:84333390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.141.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470289/; classtype:trojan-activity;sid:84333389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.149.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470288/; classtype:trojan-activity;sid:84333388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.82.189.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470287/; classtype:trojan-activity;sid:84333387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470286/; classtype:trojan-activity;sid:84333386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.104.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470285/; classtype:trojan-activity;sid:84333385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.208.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470284/; classtype:trojan-activity;sid:84333384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470282/; classtype:trojan-activity;sid:84333382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.152.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470283/; classtype:trojan-activity;sid:84333383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.46.241.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470281/; classtype:trojan-activity;sid:84333381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.98.36.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470280/; classtype:trojan-activity;sid:84333380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470279/; classtype:trojan-activity;sid:84333379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.215.188.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470278/; classtype:trojan-activity;sid:84333378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470277/; classtype:trojan-activity;sid:84333377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.239.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470276/; classtype:trojan-activity;sid:84333376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.214.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470275/; classtype:trojan-activity;sid:84333375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.134.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470273/; classtype:trojan-activity;sid:84333373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470274/; classtype:trojan-activity;sid:84333374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.6.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470272/; classtype:trojan-activity;sid:84333372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.254.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470271/; classtype:trojan-activity;sid:84333371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.130.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470270/; classtype:trojan-activity;sid:84333370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.238.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470269/; classtype:trojan-activity;sid:84333369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.94.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470268/; classtype:trojan-activity;sid:84333368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.67.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470267/; classtype:trojan-activity;sid:84333367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.93.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470266/; classtype:trojan-activity;sid:84333366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.6.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470265/; classtype:trojan-activity;sid:84333365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.232.1.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470264/; classtype:trojan-activity;sid:84333364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.254.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470263/; classtype:trojan-activity;sid:84333363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.238.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470262/; classtype:trojan-activity;sid:84333362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.216.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470261/; classtype:trojan-activity;sid:84333361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.230.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470260/; classtype:trojan-activity;sid:84333360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.202.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470259/; classtype:trojan-activity;sid:84333359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.130.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470258/; classtype:trojan-activity;sid:84333358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.230.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470257/; classtype:trojan-activity;sid:84333357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.15.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470256/; classtype:trojan-activity;sid:84333356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.130.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470255/; classtype:trojan-activity;sid:84333355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.70.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470254/; classtype:trojan-activity;sid:84333354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.253.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470253/; classtype:trojan-activity;sid:84333353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.93.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470251/; classtype:trojan-activity;sid:84333351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.94.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470252/; classtype:trojan-activity;sid:84333352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.50.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470250/; classtype:trojan-activity;sid:84333350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.67.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470249/; classtype:trojan-activity;sid:84333349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.52.35.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470248/; classtype:trojan-activity;sid:84333348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.221.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470245/; classtype:trojan-activity;sid:84333345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.113.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470246/; classtype:trojan-activity;sid:84333346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.15.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470247/; classtype:trojan-activity;sid:84333347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.202.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470244/; classtype:trojan-activity;sid:84333344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.216.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470243/; classtype:trojan-activity;sid:84333343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.174.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470242/; classtype:trojan-activity;sid:84333342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.178.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470241/; classtype:trojan-activity;sid:84333341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.59.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470240/; classtype:trojan-activity;sid:84333340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.50.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470238/; classtype:trojan-activity;sid:84333338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.253.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470239/; classtype:trojan-activity;sid:84333339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.52.35.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470237/; classtype:trojan-activity;sid:84333337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.194.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470236/; classtype:trojan-activity;sid:84333336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.202.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470235/; classtype:trojan-activity;sid:84333335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.183.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470234/; classtype:trojan-activity;sid:84333334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470233)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.papeb.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470233/; classtype:trojan-activity;sid:84333333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.84.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470232/; classtype:trojan-activity;sid:84333332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.48.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470231/; classtype:trojan-activity;sid:84333331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.215.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470230/; classtype:trojan-activity;sid:84333330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470229/; classtype:trojan-activity;sid:84333329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.248.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470228/; classtype:trojan-activity;sid:84333328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.149.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470226/; classtype:trojan-activity;sid:84333326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.183.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470227/; classtype:trojan-activity;sid:84333327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.33.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470225/; classtype:trojan-activity;sid:84333325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.73.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470224/; classtype:trojan-activity;sid:84333324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470223)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.xylor.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470223/; classtype:trojan-activity;sid:84333323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.59.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470221/; classtype:trojan-activity;sid:84333321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.178.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470222/; classtype:trojan-activity;sid:84333322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.202.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470220/; classtype:trojan-activity;sid:84333320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.221.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470219/; classtype:trojan-activity;sid:84333319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470218/; classtype:trojan-activity;sid:84333318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.33.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470217/; classtype:trojan-activity;sid:84333317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.196.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470216/; classtype:trojan-activity;sid:84333316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.215.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470215/; classtype:trojan-activity;sid:84333315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470214)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.dalut.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470214/; classtype:trojan-activity;sid:84333314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.85.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470213/; classtype:trojan-activity;sid:84333313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470212/; classtype:trojan-activity;sid:84333312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.196.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470211/; classtype:trojan-activity;sid:84333311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.252.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470209/; classtype:trojan-activity;sid:84333309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.27.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470210/; classtype:trojan-activity;sid:84333310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.137.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470208/; classtype:trojan-activity;sid:84333308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.67.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470207/; classtype:trojan-activity;sid:84333307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.91.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470206/; classtype:trojan-activity;sid:84333306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470205)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.vavoj.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470205/; classtype:trojan-activity;sid:84333305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.154.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470204/; classtype:trojan-activity;sid:84333304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470199/; classtype:trojan-activity;sid:84333299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.73.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470200/; classtype:trojan-activity;sid:84333300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.99.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470201/; classtype:trojan-activity;sid:84333301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470202/; classtype:trojan-activity;sid:84333302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.10.131.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470203/; classtype:trojan-activity;sid:84333303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470198/; classtype:trojan-activity;sid:84333298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470197/; classtype:trojan-activity;sid:84333297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.151.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470196/; classtype:trojan-activity;sid:84333296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.1.198"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470195/; classtype:trojan-activity;sid:84333295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470194/; classtype:trojan-activity;sid:84333294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470192/; classtype:trojan-activity;sid:84333292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.93.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470193/; classtype:trojan-activity;sid:84333293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.34.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470191/; classtype:trojan-activity;sid:84333291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"161.248.54.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470190/; classtype:trojan-activity;sid:84333290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470189)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470189/; classtype:trojan-activity;sid:84333289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470188)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470188/; classtype:trojan-activity;sid:84333288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470179)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470179/; classtype:trojan-activity;sid:84333279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470180)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470180/; classtype:trojan-activity;sid:84333280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470181)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470181/; classtype:trojan-activity;sid:84333281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470182)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470182/; classtype:trojan-activity;sid:84333282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470183)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470183/; classtype:trojan-activity;sid:84333283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470184)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470184/; classtype:trojan-activity;sid:84333284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470185)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470185/; classtype:trojan-activity;sid:84333285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470186)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470186/; classtype:trojan-activity;sid:84333286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470187)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470187/; classtype:trojan-activity;sid:84333287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470165)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470165/; classtype:trojan-activity;sid:84333265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470166)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470166/; classtype:trojan-activity;sid:84333266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470167)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470167/; classtype:trojan-activity;sid:84333267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470168)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470168/; classtype:trojan-activity;sid:84333268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470169)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470169/; classtype:trojan-activity;sid:84333269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470170)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470170/; classtype:trojan-activity;sid:84333270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470171)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470171/; classtype:trojan-activity;sid:84333271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470172)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470172/; classtype:trojan-activity;sid:84333272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470173)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470173/; classtype:trojan-activity;sid:84333273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470174)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470174/; classtype:trojan-activity;sid:84333274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470175)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470175/; classtype:trojan-activity;sid:84333275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470176)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470176/; classtype:trojan-activity;sid:84333276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470177)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470177/; classtype:trojan-activity;sid:84333277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470178)"; flow:established,from_client; content:"GET"; http_method; content:"/splm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470178/; classtype:trojan-activity;sid:84333278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.67.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470164/; classtype:trojan-activity;sid:84333264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.85.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470163/; classtype:trojan-activity;sid:84333263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.81.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470161/; classtype:trojan-activity;sid:84333261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470162/; classtype:trojan-activity;sid:84333262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.233.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470160/; classtype:trojan-activity;sid:84333260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.137.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470159/; classtype:trojan-activity;sid:84333259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.53.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470158/; classtype:trojan-activity;sid:84333258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.91.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470156/; classtype:trojan-activity;sid:84333256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470157/; classtype:trojan-activity;sid:84333257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.233.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470155/; classtype:trojan-activity;sid:84333255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.94.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470154/; classtype:trojan-activity;sid:84333254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.24.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470153/; classtype:trojan-activity;sid:84333253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.143.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470152/; classtype:trojan-activity;sid:84333252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.255.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470151/; classtype:trojan-activity;sid:84333251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.27.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470150/; classtype:trojan-activity;sid:84333250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.68.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470149/; classtype:trojan-activity;sid:84333249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.95.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470148/; classtype:trojan-activity;sid:84333248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.94.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470147/; classtype:trojan-activity;sid:84333247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.46.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470146/; classtype:trojan-activity;sid:84333246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470145/; classtype:trojan-activity;sid:84333245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.204.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470144/; classtype:trojan-activity;sid:84333244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470143)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.nyrar.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470143/; classtype:trojan-activity;sid:84333243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"161.248.54.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470142/; classtype:trojan-activity;sid:84333242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470141/; classtype:trojan-activity;sid:84333241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.119.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470140/; classtype:trojan-activity;sid:84333240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.97.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470139/; classtype:trojan-activity;sid:84333239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470138)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470138/; classtype:trojan-activity;sid:84333238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470133)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470133/; classtype:trojan-activity;sid:84333233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470134)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470134/; classtype:trojan-activity;sid:84333234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470135)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470135/; classtype:trojan-activity;sid:84333235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470136)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470136/; classtype:trojan-activity;sid:84333236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.205.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470137/; classtype:trojan-activity;sid:84333237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.143.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470124/; classtype:trojan-activity;sid:84333224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470125)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470125/; classtype:trojan-activity;sid:84333225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470126)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470126/; classtype:trojan-activity;sid:84333226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470127)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470127/; classtype:trojan-activity;sid:84333227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470128)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470128/; classtype:trojan-activity;sid:84333228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470129)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470129/; classtype:trojan-activity;sid:84333229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470130)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470130/; classtype:trojan-activity;sid:84333230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470131)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470131/; classtype:trojan-activity;sid:84333231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470132)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470132/; classtype:trojan-activity;sid:84333232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.187.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470123/; classtype:trojan-activity;sid:84333223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.36.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470122/; classtype:trojan-activity;sid:84333222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.171.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470121/; classtype:trojan-activity;sid:84333221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"161.248.54.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470120/; classtype:trojan-activity;sid:84333220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470119/; classtype:trojan-activity;sid:84333219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.68.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470118/; classtype:trojan-activity;sid:84333218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.95.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470117/; classtype:trojan-activity;sid:84333217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.186.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470116/; classtype:trojan-activity;sid:84333216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.119.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470115/; classtype:trojan-activity;sid:84333215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.160.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470114/; classtype:trojan-activity;sid:84333214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.245.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470113/; classtype:trojan-activity;sid:84333213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.138.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470112/; classtype:trojan-activity;sid:84333212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.49.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470111/; classtype:trojan-activity;sid:84333211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.31.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470110/; classtype:trojan-activity;sid:84333210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.101.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470109/; classtype:trojan-activity;sid:84333209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.145.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470108/; classtype:trojan-activity;sid:84333208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.186.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470107/; classtype:trojan-activity;sid:84333207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.21.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470106/; classtype:trojan-activity;sid:84333206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.238.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470105/; classtype:trojan-activity;sid:84333205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.242.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470104/; classtype:trojan-activity;sid:84333204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470103/; classtype:trojan-activity;sid:84333203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.160.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470102/; classtype:trojan-activity;sid:84333202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470100)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"x63-hello.live"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470100/; classtype:trojan-activity;sid:84333200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470101)"; flow:established,from_client; content:"GET"; http_method; content:"/kk5l8m4ijk6ws6sz.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"x63-hello.live"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470101/; classtype:trojan-activity;sid:84333201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.49.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470097/; classtype:trojan-activity;sid:84333197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470098)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"idguset-reserve.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470098/; classtype:trojan-activity;sid:84333198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470099)"; flow:established,from_client; content:"GET"; http_method; content:"/sign-in|3f|op_token=zxj81egvvyxv0ackyaqounlo3mm9it2qznk5un3prm3bpcmgscwf1dghvcml6zroaahr0chm6ly9hzg1pbi5ib29raw5nlmnvbs8qonsiyxv0af9hdhrlbxb0x2lkijoiyjezzgnlmjqtmgm5os00yjjllthiogutnji0njlln2y1zgq5in0yk1lhoetpzgcwyxpls1n1og5vz25uq3psci1mykt5txfxavnwannsmjv4wnm6bfmyntzcbgnvzguqezcsipujlk4nogbcafjd1nxosdi"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"booking.idguset-reserve.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470099/; classtype:trojan-activity;sid:84333199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.31.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470095/; classtype:trojan-activity;sid:84333195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.182.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470094/; classtype:trojan-activity;sid:84333194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.28.46"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470093/; classtype:trojan-activity;sid:84333193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.141.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470092/; classtype:trojan-activity;sid:84333192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.21.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470091/; classtype:trojan-activity;sid:84333191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.136.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470090/; classtype:trojan-activity;sid:84333190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.40.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470089/; classtype:trojan-activity;sid:84333189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.138.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470088/; classtype:trojan-activity;sid:84333188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.174.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470087/; classtype:trojan-activity;sid:84333187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.119.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470086/; classtype:trojan-activity;sid:84333186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470085/; classtype:trojan-activity;sid:84333185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.97.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470084/; classtype:trojan-activity;sid:84333184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.28.46"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470083/; classtype:trojan-activity;sid:84333183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.230.184.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470082/; classtype:trojan-activity;sid:84333182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470081/; classtype:trojan-activity;sid:84333181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.138.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470080/; classtype:trojan-activity;sid:84333180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.113.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470079/; classtype:trojan-activity;sid:84333179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.203.156.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470078/; classtype:trojan-activity;sid:84333178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.148.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470077/; classtype:trojan-activity;sid:84333177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470076)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/js759sk1mt61j9o/after_work.mp3/file"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470076/; classtype:trojan-activity;sid:84333176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.103.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470075/; classtype:trojan-activity;sid:84333175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.97.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470074/; classtype:trojan-activity;sid:84333174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.230.184.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470073/; classtype:trojan-activity;sid:84333173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.82.120.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470072/; classtype:trojan-activity;sid:84333172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.7.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470071/; classtype:trojan-activity;sid:84333171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.137.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470070/; classtype:trojan-activity;sid:84333170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.148.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470069/; classtype:trojan-activity;sid:84333169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.66.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470068/; classtype:trojan-activity;sid:84333168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.113.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470067/; classtype:trojan-activity;sid:84333167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.224.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470066/; classtype:trojan-activity;sid:84333166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.128.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470065/; classtype:trojan-activity;sid:84333165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.136.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470064/; classtype:trojan-activity;sid:84333164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.203.156.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470063/; classtype:trojan-activity;sid:84333163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.66.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470062/; classtype:trojan-activity;sid:84333162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.191.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470061/; classtype:trojan-activity;sid:84333161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.57.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470060/; classtype:trojan-activity;sid:84333160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.103.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470058/; classtype:trojan-activity;sid:84333158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.224.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470059/; classtype:trojan-activity;sid:84333159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.114.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470057/; classtype:trojan-activity;sid:84333157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.140.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470056/; classtype:trojan-activity;sid:84333156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.156.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470055/; classtype:trojan-activity;sid:84333155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.124.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470054/; classtype:trojan-activity;sid:84333154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.86.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470052/; classtype:trojan-activity;sid:84333152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.59.3.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470053/; classtype:trojan-activity;sid:84333153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.191.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470051/; classtype:trojan-activity;sid:84333151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.137.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470050/; classtype:trojan-activity;sid:84333150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.55.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470049/; classtype:trojan-activity;sid:84333149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.76.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470045/; classtype:trojan-activity;sid:84333145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.120.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470046/; classtype:trojan-activity;sid:84333146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.152.154.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470047/; classtype:trojan-activity;sid:84333147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470048/; classtype:trojan-activity;sid:84333148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470044/; classtype:trojan-activity;sid:84333144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.1.209"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470043/; classtype:trojan-activity;sid:84333143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.187.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470042/; classtype:trojan-activity;sid:84333142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470039/; classtype:trojan-activity;sid:84333139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.252.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470040/; classtype:trojan-activity;sid:84333140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.1.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470041/; classtype:trojan-activity;sid:84333141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.56.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470038/; classtype:trojan-activity;sid:84333138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.203.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470037/; classtype:trojan-activity;sid:84333137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470036/; classtype:trojan-activity;sid:84333136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.21.211"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470034/; classtype:trojan-activity;sid:84333134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.176.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470035/; classtype:trojan-activity;sid:84333135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.156.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470033/; classtype:trojan-activity;sid:84333133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.22.123.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470032/; classtype:trojan-activity;sid:84333132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.35.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470031/; classtype:trojan-activity;sid:84333131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.86.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470030/; classtype:trojan-activity;sid:84333130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.140.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470029/; classtype:trojan-activity;sid:84333129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.59.3.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470028/; classtype:trojan-activity;sid:84333128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.21.211"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470027/; classtype:trojan-activity;sid:84333127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.82.120.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470026/; classtype:trojan-activity;sid:84333126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.247.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470025/; classtype:trojan-activity;sid:84333125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.238.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470024/; classtype:trojan-activity;sid:84333124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.35.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470023/; classtype:trojan-activity;sid:84333123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.159.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470022/; classtype:trojan-activity;sid:84333122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.53.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470021/; classtype:trojan-activity;sid:84333121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.152.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470020/; classtype:trojan-activity;sid:84333120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.148.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470019/; classtype:trojan-activity;sid:84333119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.74.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470018/; classtype:trojan-activity;sid:84333118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.6.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470017/; classtype:trojan-activity;sid:84333117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.78.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470016/; classtype:trojan-activity;sid:84333116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.255.247.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470015/; classtype:trojan-activity;sid:84333115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.14.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470014/; classtype:trojan-activity;sid:84333114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.224.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470013/; classtype:trojan-activity;sid:84333113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.124.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470012/; classtype:trojan-activity;sid:84333112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.53.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470011/; classtype:trojan-activity;sid:84333111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.40.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470010/; classtype:trojan-activity;sid:84333110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470008/; classtype:trojan-activity;sid:84333108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.213.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470009/; classtype:trojan-activity;sid:84333109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.95.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470006/; classtype:trojan-activity;sid:84333106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.124.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470007/; classtype:trojan-activity;sid:84333107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.140.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470005/; classtype:trojan-activity;sid:84333105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.122.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470004/; classtype:trojan-activity;sid:84333104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.68.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470003/; classtype:trojan-activity;sid:84333103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.180.141.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470002/; classtype:trojan-activity;sid:84333102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.14.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470001/; classtype:trojan-activity;sid:84333101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.16.164"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470000/; classtype:trojan-activity;sid:84333100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.82.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469999/; classtype:trojan-activity;sid:84333099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469998/; classtype:trojan-activity;sid:84333098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.95.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469997/; classtype:trojan-activity;sid:84333097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.251.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469996/; classtype:trojan-activity;sid:84333096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.144.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469995/; classtype:trojan-activity;sid:84333095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.66.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469994/; classtype:trojan-activity;sid:84333094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.243.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469992/; classtype:trojan-activity;sid:84333092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.180.141.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469993/; classtype:trojan-activity;sid:84333093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469991/; classtype:trojan-activity;sid:84333091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469990/; classtype:trojan-activity;sid:84333090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.19.80.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469989/; classtype:trojan-activity;sid:84333089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.133.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469988/; classtype:trojan-activity;sid:84333088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.97.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469987/; classtype:trojan-activity;sid:84333087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.122.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469986/; classtype:trojan-activity;sid:84333086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.130.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469985/; classtype:trojan-activity;sid:84333085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.82.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469984/; classtype:trojan-activity;sid:84333084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.132.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469983/; classtype:trojan-activity;sid:84333083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.144.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469982/; classtype:trojan-activity;sid:84333082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.133.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469981/; classtype:trojan-activity;sid:84333081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.68.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469980/; classtype:trojan-activity;sid:84333080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.215.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469979/; classtype:trojan-activity;sid:84333079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469978)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.hegop.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469978/; classtype:trojan-activity;sid:84333078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.97.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469977/; classtype:trojan-activity;sid:84333077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.54.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469976/; classtype:trojan-activity;sid:84333076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.44.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469975/; classtype:trojan-activity;sid:84333075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.130.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469974/; classtype:trojan-activity;sid:84333074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.233.94.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469973/; classtype:trojan-activity;sid:84333073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.131.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469972/; classtype:trojan-activity;sid:84333072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.132.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469971/; classtype:trojan-activity;sid:84333071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.9.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469969/; classtype:trojan-activity;sid:84333069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.127.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469970/; classtype:trojan-activity;sid:84333070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469968/; classtype:trojan-activity;sid:84333068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469967/; classtype:trojan-activity;sid:84333067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.254.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469966/; classtype:trojan-activity;sid:84333066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.233.94.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469965/; classtype:trojan-activity;sid:84333065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.127.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469964/; classtype:trojan-activity;sid:84333064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.29.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469963/; classtype:trojan-activity;sid:84333063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469962/; classtype:trojan-activity;sid:84333062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.44.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469961/; classtype:trojan-activity;sid:84333061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469960/; classtype:trojan-activity;sid:84333060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.160.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469959/; classtype:trojan-activity;sid:84333059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.91.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469958/; classtype:trojan-activity;sid:84333058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.160.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469957/; classtype:trojan-activity;sid:84333057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469956/; classtype:trojan-activity;sid:84333056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.166.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469955/; classtype:trojan-activity;sid:84333055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.50.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469954/; classtype:trojan-activity;sid:84333054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.169.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469953/; classtype:trojan-activity;sid:84333053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.106.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469952/; classtype:trojan-activity;sid:84333052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.169.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469951/; classtype:trojan-activity;sid:84333051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.90.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469949/; classtype:trojan-activity;sid:84333049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.9.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469950/; classtype:trojan-activity;sid:84333050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.131.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469948/; classtype:trojan-activity;sid:84333048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469947/; classtype:trojan-activity;sid:84333047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.201.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469946/; classtype:trojan-activity;sid:84333046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.243.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469945/; classtype:trojan-activity;sid:84333045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.0.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469943/; classtype:trojan-activity;sid:84333043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469944/; classtype:trojan-activity;sid:84333044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469942/; classtype:trojan-activity;sid:84333042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.140.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469941/; classtype:trojan-activity;sid:84333041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469940/; classtype:trojan-activity;sid:84333040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.91.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469939/; classtype:trojan-activity;sid:84333039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.201.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3469938/; classtype:trojan-activity;sid:84333038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.251.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469937/; classtype:trojan-activity;sid:84333037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.115.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469935/; classtype:trojan-activity;sid:84333035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.206.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469936/; classtype:trojan-activity;sid:84333036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469934/; classtype:trojan-activity;sid:84333034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.166.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469933/; classtype:trojan-activity;sid:84333033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.142.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469930/; classtype:trojan-activity;sid:84333030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.54.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469931/; classtype:trojan-activity;sid:84333031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.90.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469932/; classtype:trojan-activity;sid:84333032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.37.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469929/; classtype:trojan-activity;sid:84333029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.50.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469928/; classtype:trojan-activity;sid:84333028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.252.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469927/; classtype:trojan-activity;sid:84333027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"161.248.55.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469926/; classtype:trojan-activity;sid:84333026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.94.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469925/; classtype:trojan-activity;sid:84333025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469924/; classtype:trojan-activity;sid:84333024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.64.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469923/; classtype:trojan-activity;sid:84333023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.90.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469922/; classtype:trojan-activity;sid:84333022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.228.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469921/; classtype:trojan-activity;sid:84333021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.16.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469920/; classtype:trojan-activity;sid:84333020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.142.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469919/; classtype:trojan-activity;sid:84333019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.90.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469918/; classtype:trojan-activity;sid:84333018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.25.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469917/; classtype:trojan-activity;sid:84333017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.131.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469916/; classtype:trojan-activity;sid:84333016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.68.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469915/; classtype:trojan-activity;sid:84333015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.102.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469914/; classtype:trojan-activity;sid:84333014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.119.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469913/; classtype:trojan-activity;sid:84333013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.252.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469912/; classtype:trojan-activity;sid:84333012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.37.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469911/; classtype:trojan-activity;sid:84333011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.89.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469910/; classtype:trojan-activity;sid:84333010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.115.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469909/; classtype:trojan-activity;sid:84333009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.16.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469908/; classtype:trojan-activity;sid:84333008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.25.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469907/; classtype:trojan-activity;sid:84333007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.17.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469906/; classtype:trojan-activity;sid:84333006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469905/; classtype:trojan-activity;sid:84333005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.231.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469904/; classtype:trojan-activity;sid:84333004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.127.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469903/; classtype:trojan-activity;sid:84333003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.119.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469902/; classtype:trojan-activity;sid:84333002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.28.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469901/; classtype:trojan-activity;sid:84333001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.49.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469900/; classtype:trojan-activity;sid:84333000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.89.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469899/; classtype:trojan-activity;sid:84332999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.10.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469898/; classtype:trojan-activity;sid:84332998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.75.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469897/; classtype:trojan-activity;sid:84332997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.231.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469896/; classtype:trojan-activity;sid:84332996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.102.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469895/; classtype:trojan-activity;sid:84332995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.156.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469894/; classtype:trojan-activity;sid:84332994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.8.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469893/; classtype:trojan-activity;sid:84332993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469892/; classtype:trojan-activity;sid:84332992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.27.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469891/; classtype:trojan-activity;sid:84332991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.184.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469890/; classtype:trojan-activity;sid:84332990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.49.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469889/; classtype:trojan-activity;sid:84332989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469887/; classtype:trojan-activity;sid:84332987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469888)"; flow:established,from_client; content:"GET"; http_method; content:"/nioxxy.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"20.229.103.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469888/; classtype:trojan-activity;sid:84332988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469886)"; flow:established,from_client; content:"GET"; http_method; content:"/niox.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.229.103.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469886/; classtype:trojan-activity;sid:84332986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.234.159.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469885/; classtype:trojan-activity;sid:84332985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.18.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469884/; classtype:trojan-activity;sid:84332984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.39.128.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469883/; classtype:trojan-activity;sid:84332983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469882/; classtype:trojan-activity;sid:84332982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.217.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469881/; classtype:trojan-activity;sid:84332981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.27.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469879/; classtype:trojan-activity;sid:84332979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.208.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469880/; classtype:trojan-activity;sid:84332980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.28.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469878/; classtype:trojan-activity;sid:84332978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.195.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469877/; classtype:trojan-activity;sid:84332977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.48.28.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469876/; classtype:trojan-activity;sid:84332976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.128.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469875/; classtype:trojan-activity;sid:84332975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.214.103.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469874/; classtype:trojan-activity;sid:84332974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.70.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469873/; classtype:trojan-activity;sid:84332973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.208.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469872/; classtype:trojan-activity;sid:84332972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.234.159.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469871/; classtype:trojan-activity;sid:84332971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.242.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469870/; classtype:trojan-activity;sid:84332970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469869/; classtype:trojan-activity;sid:84332969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469868)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/dlnelvk0pyaewzu/after_work.mp3/file"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469868/; classtype:trojan-activity;sid:84332968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469867)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.fyjig.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469867/; classtype:trojan-activity;sid:84332967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.195.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469866/; classtype:trojan-activity;sid:84332966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.93.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469865/; classtype:trojan-activity;sid:84332965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469864)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.qacot.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469864/; classtype:trojan-activity;sid:84332964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.128.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469863/; classtype:trojan-activity;sid:84332963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.151.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469862/; classtype:trojan-activity;sid:84332962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469860)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/aarch64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469860/; classtype:trojan-activity;sid:84332960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469861)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/arm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469861/; classtype:trojan-activity;sid:84332961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469846)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/arc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469846/; classtype:trojan-activity;sid:84332946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469847)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/spc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469847/; classtype:trojan-activity;sid:84332947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469848)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/i686"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469848/; classtype:trojan-activity;sid:84332948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469849)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469849/; classtype:trojan-activity;sid:84332949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469850)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469850/; classtype:trojan-activity;sid:84332950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469851)"; flow:established,from_client; content:"GET"; http_method; content:"/login"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469851/; classtype:trojan-activity;sid:84332951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469852)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/arm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469852/; classtype:trojan-activity;sid:84332952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469853)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469853/; classtype:trojan-activity;sid:84332953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469854)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/arm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469854/; classtype:trojan-activity;sid:84332954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469855)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/arm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469855/; classtype:trojan-activity;sid:84332955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469856)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469856/; classtype:trojan-activity;sid:84332956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469857)"; flow:established,from_client; content:"GET"; http_method; content:"/pdvr"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469857/; classtype:trojan-activity;sid:84332957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469858)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469858/; classtype:trojan-activity;sid:84332958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.176.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469859/; classtype:trojan-activity;sid:84332959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.12.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469845/; classtype:trojan-activity;sid:84332945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.70.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469843/; classtype:trojan-activity;sid:84332943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.143.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469844/; classtype:trojan-activity;sid:84332944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.93.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469842/; classtype:trojan-activity;sid:84332942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.242.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469841/; classtype:trojan-activity;sid:84332941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469840)"; flow:established,from_client; content:"GET"; http_method; content:"/bdc2be5bddda548dec3c2d88464a698627ac9447aae621d8.wks"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"gebi.dorklifedubbed.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469840/; classtype:trojan-activity;sid:84332940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.52.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469839/; classtype:trojan-activity;sid:84332939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.191.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469838/; classtype:trojan-activity;sid:84332938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.8.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469836/; classtype:trojan-activity;sid:84332936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.88.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469837/; classtype:trojan-activity;sid:84332937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.63.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469835/; classtype:trojan-activity;sid:84332935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.10.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469834/; classtype:trojan-activity;sid:84332934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.52.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469833/; classtype:trojan-activity;sid:84332933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469832)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469832/; classtype:trojan-activity;sid:84332932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469820)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469820/; classtype:trojan-activity;sid:84332920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469821)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469821/; classtype:trojan-activity;sid:84332921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469822)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469822/; classtype:trojan-activity;sid:84332922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469823)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469823/; classtype:trojan-activity;sid:84332923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469824)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469824/; classtype:trojan-activity;sid:84332924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469825)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469825/; classtype:trojan-activity;sid:84332925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469826)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469826/; classtype:trojan-activity;sid:84332926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469827)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469827/; classtype:trojan-activity;sid:84332927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469828)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469828/; classtype:trojan-activity;sid:84332928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469829)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469829/; classtype:trojan-activity;sid:84332929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469830)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469830/; classtype:trojan-activity;sid:84332930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469831)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469831/; classtype:trojan-activity;sid:84332931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.151.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469818/; classtype:trojan-activity;sid:84332918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.112.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469819/; classtype:trojan-activity;sid:84332919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.176.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469817/; classtype:trojan-activity;sid:84332917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.48.134.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469816/; classtype:trojan-activity;sid:84332916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469810/; classtype:trojan-activity;sid:84332910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.192.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469811/; classtype:trojan-activity;sid:84332911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469812/; classtype:trojan-activity;sid:84332912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.154.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469813/; classtype:trojan-activity;sid:84332913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.137.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469814/; classtype:trojan-activity;sid:84332914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.1.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469815/; classtype:trojan-activity;sid:84332915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.1.159"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469809/; classtype:trojan-activity;sid:84332909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.94.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469808/; classtype:trojan-activity;sid:84332908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469807)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.83.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469807/; classtype:trojan-activity;sid:84332907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.113.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469806/; classtype:trojan-activity;sid:84332906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.57.173.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469805/; classtype:trojan-activity;sid:84332905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.128.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469803/; classtype:trojan-activity;sid:84332903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469804/; classtype:trojan-activity;sid:84332904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.71.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469802/; classtype:trojan-activity;sid:84332902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.68.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469801/; classtype:trojan-activity;sid:84332901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.45.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469800/; classtype:trojan-activity;sid:84332900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.28.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469799/; classtype:trojan-activity;sid:84332899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.11.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469798/; classtype:trojan-activity;sid:84332898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.71.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469797/; classtype:trojan-activity;sid:84332897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.11.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469796/; classtype:trojan-activity;sid:84332896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469795)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.latan.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469795/; classtype:trojan-activity;sid:84332895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.28.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469794/; classtype:trojan-activity;sid:84332894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.63.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469793/; classtype:trojan-activity;sid:84332893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.241.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469792/; classtype:trojan-activity;sid:84332892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469790)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.hexyf.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469790/; classtype:trojan-activity;sid:84332890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.163.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469791/; classtype:trojan-activity;sid:84332891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.10.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469789/; classtype:trojan-activity;sid:84332889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.32.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469788/; classtype:trojan-activity;sid:84332888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.119.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469787/; classtype:trojan-activity;sid:84332887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.11.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469786/; classtype:trojan-activity;sid:84332886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.75.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469785/; classtype:trojan-activity;sid:84332885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469784)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.qyver.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469784/; classtype:trojan-activity;sid:84332884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.11.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469783/; classtype:trojan-activity;sid:84332883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.107.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469782/; classtype:trojan-activity;sid:84332882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.32.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469781/; classtype:trojan-activity;sid:84332881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.135.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469780/; classtype:trojan-activity;sid:84332880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.163.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469779/; classtype:trojan-activity;sid:84332879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469778)"; flow:established,from_client; content:"GET"; http_method; content:"/zgrab2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.229.232.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469778/; classtype:trojan-activity;sid:84332878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469776)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.229.232.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469776/; classtype:trojan-activity;sid:84332876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.254.33.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469775/; classtype:trojan-activity;sid:84332875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469774)"; flow:established,from_client; content:"GET"; http_method; content:"/widsmob_denoise_win.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"147.45.44.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469774/; classtype:trojan-activity;sid:84332874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.75.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469773/; classtype:trojan-activity;sid:84332873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469772/; classtype:trojan-activity;sid:84332872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.28.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469771/; classtype:trojan-activity;sid:84332871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.107.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469769/; classtype:trojan-activity;sid:84332869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469768)"; flow:established,from_client; content:"GET"; http_method; content:"/pronoti.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"autodownloadnoti.vercel.app"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469768/; classtype:trojan-activity;sid:84332868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469767)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"autodownloadnoticlient.vercel.app"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469767/; classtype:trojan-activity;sid:84332867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469766)"; flow:established,from_client; content:"GET"; http_method; content:"/capcut"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"reddit.com.im"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469766/; classtype:trojan-activity;sid:84332866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.254.33.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469765/; classtype:trojan-activity;sid:84332865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.135.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469764/; classtype:trojan-activity;sid:84332864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.117.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469763/; classtype:trojan-activity;sid:84332863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.128.156.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469762/; classtype:trojan-activity;sid:84332862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.94.104.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469761/; classtype:trojan-activity;sid:84332861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469760)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/a0jq7v89bih731y/after_work.mp3/file"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469760/; classtype:trojan-activity;sid:84332860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.18.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469758/; classtype:trojan-activity;sid:84332858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.180.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469757/; classtype:trojan-activity;sid:84332857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.28.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469756/; classtype:trojan-activity;sid:84332856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469755/; classtype:trojan-activity;sid:84332855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.250.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469754/; classtype:trojan-activity;sid:84332854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.117.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469753/; classtype:trojan-activity;sid:84332853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.7.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469752/; classtype:trojan-activity;sid:84332852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.180.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469751/; classtype:trojan-activity;sid:84332851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.86.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469750/; classtype:trojan-activity;sid:84332850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.128.156.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469749/; classtype:trojan-activity;sid:84332849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.210.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469748/; classtype:trojan-activity;sid:84332848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469747/; classtype:trojan-activity;sid:84332847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.243.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469746/; classtype:trojan-activity;sid:84332846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.7.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469745/; classtype:trojan-activity;sid:84332845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.73.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469744/; classtype:trojan-activity;sid:84332844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.18.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469743/; classtype:trojan-activity;sid:84332843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.37.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469741/; classtype:trojan-activity;sid:84332841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.108.90.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469742/; classtype:trojan-activity;sid:84332842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.183.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469740/; classtype:trojan-activity;sid:84332840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.73.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469739/; classtype:trojan-activity;sid:84332839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.154.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469738/; classtype:trojan-activity;sid:84332838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.26.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469737/; classtype:trojan-activity;sid:84332837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.117.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469736/; classtype:trojan-activity;sid:84332836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.86.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469735/; classtype:trojan-activity;sid:84332835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.108.90.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469733/; classtype:trojan-activity;sid:84332833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.195.7.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469734/; classtype:trojan-activity;sid:84332834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.32.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469732/; classtype:trojan-activity;sid:84332832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469731)"; flow:established,from_client; content:"GET"; http_method; content:"/z8uzbpyvpgfdrs/maloy.mp4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"overcoatpassably.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469731/; classtype:trojan-activity;sid:84332831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469730/; classtype:trojan-activity;sid:84332830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469728)"; flow:established,from_client; content:"GET"; http_method; content:"/nrtnrtnfgnfgn/hrthrtger/raw/f18127ce1b6a2880a9b8e06ba39d766dc27dcf1b/yellow.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469728/; classtype:trojan-activity;sid:84332828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.117.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469729/; classtype:trojan-activity;sid:84332829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469727)"; flow:established,from_client; content:"GET"; http_method; content:"/nrtnrtnfgnfgn/hrthrtger/raw/f18127ce1b6a2880a9b8e06ba39d766dc27dcf1b/aov.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469727/; classtype:trojan-activity;sid:84332827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469726)"; flow:established,from_client; content:"GET"; http_method; content:"/nrtnrtnfgnfgn/hrthrtger/raw/f18127ce1b6a2880a9b8e06ba39d766dc27dcf1b/mind.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469726/; classtype:trojan-activity;sid:84332826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469723)"; flow:established,from_client; content:"GET"; http_method; content:"/nrtnrtnfgnfgn/hrthrtger/raw/f18127ce1b6a2880a9b8e06ba39d766dc27dcf1b/green.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469723/; classtype:trojan-activity;sid:84332823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469724)"; flow:established,from_client; content:"GET"; http_method; content:"/nrtnrtnfgnfgn/hrthrtger/raw/f18127ce1b6a2880a9b8e06ba39d766dc27dcf1b/lucim.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469724/; classtype:trojan-activity;sid:84332824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469725)"; flow:established,from_client; content:"GET"; http_method; content:"/nrtnrtnfgnfgn/hrthrtger/raw/f18127ce1b6a2880a9b8e06ba39d766dc27dcf1b/black.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469725/; classtype:trojan-activity;sid:84332825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469722)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.8.10.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469722/; classtype:trojan-activity;sid:84332822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.195.7.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469721/; classtype:trojan-activity;sid:84332821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.151.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469720/; classtype:trojan-activity;sid:84332820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.198.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469719/; classtype:trojan-activity;sid:84332819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469718)"; flow:established,from_client; content:"GET"; http_method; content:"/gift/setup4391.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"35.188.13.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469718/; classtype:trojan-activity;sid:84332818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.5.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469716/; classtype:trojan-activity;sid:84332816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469717)"; flow:established,from_client; content:"GET"; http_method; content:"/gift/setup4391.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"559236.na3.to"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469717/; classtype:trojan-activity;sid:84332817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469714)"; flow:established,from_client; content:"GET"; http_method; content:"/upd/document-mt710020583.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"559236.na3.to"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469714/; classtype:trojan-activity;sid:84332814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469715)"; flow:established,from_client; content:"GET"; http_method; content:"/upd/document-mt710020583.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"35.188.13.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469715/; classtype:trojan-activity;sid:84332815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.211.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469713/; classtype:trojan-activity;sid:84332813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.243.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469712/; classtype:trojan-activity;sid:84332812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.154.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469710/; classtype:trojan-activity;sid:84332810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.5.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469711/; classtype:trojan-activity;sid:84332811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469709)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.227.61.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469709/; classtype:trojan-activity;sid:84332809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.156.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469708/; classtype:trojan-activity;sid:84332808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.183.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469707/; classtype:trojan-activity;sid:84332807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.198.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469706/; classtype:trojan-activity;sid:84332806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.211.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469705/; classtype:trojan-activity;sid:84332805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.84.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469704/; classtype:trojan-activity;sid:84332804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.190.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469703/; classtype:trojan-activity;sid:84332803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.31.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469702/; classtype:trojan-activity;sid:84332802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.105.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469701/; classtype:trojan-activity;sid:84332801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469700/; classtype:trojan-activity;sid:84332800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.130.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469698/; classtype:trojan-activity;sid:84332798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.2.104"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469699/; classtype:trojan-activity;sid:84332799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469696/; classtype:trojan-activity;sid:84332796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469697/; classtype:trojan-activity;sid:84332797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.106.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469695/; classtype:trojan-activity;sid:84332795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469694/; classtype:trojan-activity;sid:84332794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469693/; classtype:trojan-activity;sid:84332793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.190.181.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469692/; classtype:trojan-activity;sid:84332792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.55.165.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469686/; classtype:trojan-activity;sid:84332786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.250.67.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469687/; classtype:trojan-activity;sid:84332787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.36.180.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469688/; classtype:trojan-activity;sid:84332788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.157.195.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469689/; classtype:trojan-activity;sid:84332789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.146.122.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469690/; classtype:trojan-activity;sid:84332790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.206.229.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469691/; classtype:trojan-activity;sid:84332791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469678/; classtype:trojan-activity;sid:84332778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469679/; classtype:trojan-activity;sid:84332779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.88.227.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469680/; classtype:trojan-activity;sid:84332780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.91.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469681/; classtype:trojan-activity;sid:84332781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.178.41.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469682/; classtype:trojan-activity;sid:84332782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.225.58.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469683/; classtype:trojan-activity;sid:84332783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.239.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469684/; classtype:trojan-activity;sid:84332784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"128.127.102.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469685/; classtype:trojan-activity;sid:84332785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.249.65.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469676/; classtype:trojan-activity;sid:84332776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.77.34.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469677/; classtype:trojan-activity;sid:84332777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.208.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469675/; classtype:trojan-activity;sid:84332775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.7.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469674/; classtype:trojan-activity;sid:84332774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.76.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469673/; classtype:trojan-activity;sid:84332773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469672)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.160.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469672/; classtype:trojan-activity;sid:84332772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.113.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469671/; classtype:trojan-activity;sid:84332771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469668)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.234.249.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469668/; classtype:trojan-activity;sid:84332768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.234.249.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469669/; classtype:trojan-activity;sid:84332769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469670)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.95.124.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469670/; classtype:trojan-activity;sid:84332770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469666)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.21.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469666/; classtype:trojan-activity;sid:84332766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469667)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.189.46.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469667/; classtype:trojan-activity;sid:84332767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469665)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.118.223.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469665/; classtype:trojan-activity;sid:84332765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469664)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.146.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469664/; classtype:trojan-activity;sid:84332764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469663)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/bbvagz2vooef4xt/after_work.mp3/file"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469663/; classtype:trojan-activity;sid:84332763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.156.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469662/; classtype:trojan-activity;sid:84332762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.76.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469661/; classtype:trojan-activity;sid:84332761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469660)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.151.74.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469660/; classtype:trojan-activity;sid:84332760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.84.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469659/; classtype:trojan-activity;sid:84332759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469658)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.barev.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469658/; classtype:trojan-activity;sid:84332758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"161.248.54.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469657/; classtype:trojan-activity;sid:84332757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.5.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469656/; classtype:trojan-activity;sid:84332756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.176.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469655/; classtype:trojan-activity;sid:84332755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469654)"; flow:established,from_client; content:"GET"; http_method; content:"/carm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.229.232.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469654/; classtype:trojan-activity;sid:84332754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.150.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469653/; classtype:trojan-activity;sid:84332753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.150.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469652/; classtype:trojan-activity;sid:84332752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.214.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469651/; classtype:trojan-activity;sid:84332751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.17.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469650/; classtype:trojan-activity;sid:84332750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469649)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/suma/wecreatedbestthingswithbestwomenforgive.hta"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"141.98.10.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469649/; classtype:trojan-activity;sid:84332749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.84.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469648/; classtype:trojan-activity;sid:84332748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.5.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469647/; classtype:trojan-activity;sid:84332747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.250.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469646/; classtype:trojan-activity;sid:84332746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469645)"; flow:established,from_client; content:"GET"; http_method; content:"/zgrab2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"204.76.203.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469645/; classtype:trojan-activity;sid:84332745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469644)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"204.76.203.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469644/; classtype:trojan-activity;sid:84332744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469643)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"204.76.203.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469643/; classtype:trojan-activity;sid:84332743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.235.222.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469642/; classtype:trojan-activity;sid:84332742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.176.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469641/; classtype:trojan-activity;sid:84332741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.165.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469640/; classtype:trojan-activity;sid:84332740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.208.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469639/; classtype:trojan-activity;sid:84332739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.132.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469638/; classtype:trojan-activity;sid:84332738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469637/; classtype:trojan-activity;sid:84332737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.11.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469636/; classtype:trojan-activity;sid:84332736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.233.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469635/; classtype:trojan-activity;sid:84332735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.125.120.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469634/; classtype:trojan-activity;sid:84332734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469633/; classtype:trojan-activity;sid:84332733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.24.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469631/; classtype:trojan-activity;sid:84332731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.183.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469632/; classtype:trojan-activity;sid:84332732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.244.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469630/; classtype:trojan-activity;sid:84332730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.87.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469629/; classtype:trojan-activity;sid:84332729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.162.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469628/; classtype:trojan-activity;sid:84332728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.255.44.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469627/; classtype:trojan-activity;sid:84332727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.120.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469626/; classtype:trojan-activity;sid:84332726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.214.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469625/; classtype:trojan-activity;sid:84332725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.88.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469624/; classtype:trojan-activity;sid:84332724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469623)"; flow:established,from_client; content:"GET"; http_method; content:"/bg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.135.194.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469623/; classtype:trojan-activity;sid:84332723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469622)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.nokuv.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469622/; classtype:trojan-activity;sid:84332722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.88.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469621/; classtype:trojan-activity;sid:84332721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.233.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469620/; classtype:trojan-activity;sid:84332720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.219.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469619/; classtype:trojan-activity;sid:84332719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.201.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469618/; classtype:trojan-activity;sid:84332718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469617/; classtype:trojan-activity;sid:84332717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.71.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469616/; classtype:trojan-activity;sid:84332716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.235.222.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469615/; classtype:trojan-activity;sid:84332715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.136.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469614/; classtype:trojan-activity;sid:84332714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469613)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/2hlchulp7q4xmu7/after_work.mp3/file"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469613/; classtype:trojan-activity;sid:84332713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.201.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469612/; classtype:trojan-activity;sid:84332712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.71.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469611/; classtype:trojan-activity;sid:84332711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.44.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469610/; classtype:trojan-activity;sid:84332710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.75.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469609/; classtype:trojan-activity;sid:84332709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469607)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469607/; classtype:trojan-activity;sid:84332707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469608)"; flow:established,from_client; content:"GET"; http_method; content:"/t/aarch64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469608/; classtype:trojan-activity;sid:84332708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.228.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469606/; classtype:trojan-activity;sid:84332706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469605/; classtype:trojan-activity;sid:84332705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.132.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469604/; classtype:trojan-activity;sid:84332704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469603)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469603/; classtype:trojan-activity;sid:84332703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.114.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469602/; classtype:trojan-activity;sid:84332702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.182.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469601/; classtype:trojan-activity;sid:84332701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.253.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469600/; classtype:trojan-activity;sid:84332700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.179.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469599/; classtype:trojan-activity;sid:84332699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.75.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469598/; classtype:trojan-activity;sid:84332698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.54.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469597/; classtype:trojan-activity;sid:84332697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.240.211.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469596/; classtype:trojan-activity;sid:84332696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.164.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469595/; classtype:trojan-activity;sid:84332695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.118.118.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469589/; classtype:trojan-activity;sid:84332689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.5.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469590/; classtype:trojan-activity;sid:84332690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.127.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469591/; classtype:trojan-activity;sid:84332691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.14.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469592/; classtype:trojan-activity;sid:84332692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.129.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469593/; classtype:trojan-activity;sid:84332693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.89.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469594/; classtype:trojan-activity;sid:84332694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.231.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469587/; classtype:trojan-activity;sid:84332687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.48.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469588/; classtype:trojan-activity;sid:84332688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.100.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469586/; classtype:trojan-activity;sid:84332686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.178.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469585/; classtype:trojan-activity;sid:84332685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.204.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469584/; classtype:trojan-activity;sid:84332684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.227.109.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469582/; classtype:trojan-activity;sid:84332682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.90.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469583/; classtype:trojan-activity;sid:84332683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.155.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469581/; classtype:trojan-activity;sid:84332681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469580/; classtype:trojan-activity;sid:84332680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469578/; classtype:trojan-activity;sid:84332678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469579/; classtype:trojan-activity;sid:84332679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.5.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469577/; classtype:trojan-activity;sid:84332677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469575/; classtype:trojan-activity;sid:84332675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.156.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469576/; classtype:trojan-activity;sid:84332676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/1url4vmjm3jutdol4ialrwvctgwtmfdaki"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469574/; classtype:trojan-activity;sid:84332674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/l8bio6mx0e2xzua8glxxb3qqt28njjee7e"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469573/; classtype:trojan-activity;sid:84332673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469569)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469569/; classtype:trojan-activity;sid:84332669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469570)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469570/; classtype:trojan-activity;sid:84332670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469571)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469571/; classtype:trojan-activity;sid:84332671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469572)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469572/; classtype:trojan-activity;sid:84332672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469560)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/7qhc5pmeh9tttnrsszuzwwcur8ig80hgfa"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469560/; classtype:trojan-activity;sid:84332660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469561)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kcz7wds9ey1472ebe1yh1udgswjcdpmxmx"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469561/; classtype:trojan-activity;sid:84332661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469562)"; flow:established,from_client; content:"GET"; http_method; content:"/t/ppc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469562/; classtype:trojan-activity;sid:84332662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469563)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469563/; classtype:trojan-activity;sid:84332663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469564)"; flow:established,from_client; content:"GET"; http_method; content:"/t/spc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469564/; classtype:trojan-activity;sid:84332664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469565)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/obtrzbxmz0glfcr0bk23moxr4k1lgukj5q"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469565/; classtype:trojan-activity;sid:84332665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469566)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wk7vtkwcveeqjudhbbxeybpypx8akzxutr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469566/; classtype:trojan-activity;sid:84332666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/qlnwv2qm5tjzwhn7qmpybnrlle1hphwjfb"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469567/; classtype:trojan-activity;sid:84332667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469568)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469568/; classtype:trojan-activity;sid:84332668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469536)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469536/; classtype:trojan-activity;sid:84332636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469537)"; flow:established,from_client; content:"GET"; http_method; content:"/t/mpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469537/; classtype:trojan-activity;sid:84332637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469538)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kcz7wds9ey1472ebe1yh1udgswjcdpmxmx"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469538/; classtype:trojan-activity;sid:84332638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469539)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tcv5vo5tw9z8xjnnlcpzh9rwcp75x3gc4g"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469539/; classtype:trojan-activity;sid:84332639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469540)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tcv5vo5tw9z8xjnnlcpzh9rwcp75x3gc4g"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469540/; classtype:trojan-activity;sid:84332640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469541)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/59ft4e3ueml9ogfei4nhepdl9v4liwzvzv"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469541/; classtype:trojan-activity;sid:84332641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469542)"; flow:established,from_client; content:"GET"; http_method; content:"/t/m68k"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469542/; classtype:trojan-activity;sid:84332642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469543)"; flow:established,from_client; content:"GET"; http_method; content:"/1741242061_210c9e85f9745846cb8e6b82d2ec5c7a/firmware.safe.mips64"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469543/; classtype:trojan-activity;sid:84332643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469544)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469544/; classtype:trojan-activity;sid:84332644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469545)"; flow:established,from_client; content:"GET"; http_method; content:"/t/sh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469545/; classtype:trojan-activity;sid:84332645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469546)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469546/; classtype:trojan-activity;sid:84332646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469547)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469547/; classtype:trojan-activity;sid:84332647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469548)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/1url4vmjm3jutdol4ialrwvctgwtmfdaki"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469548/; classtype:trojan-activity;sid:84332648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469549)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/qlnwv2qm5tjzwhn7qmpybnrlle1hphwjfb"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469549/; classtype:trojan-activity;sid:84332649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469550)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469550/; classtype:trojan-activity;sid:84332650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469551)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/j5pf2urafrirxfbsnk6wcqg8sfohfacw0f"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469551/; classtype:trojan-activity;sid:84332651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469552)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469552/; classtype:trojan-activity;sid:84332652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469553)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469553/; classtype:trojan-activity;sid:84332653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469554)"; flow:established,from_client; content:"GET"; http_method; content:"/t/i686"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469554/; classtype:trojan-activity;sid:84332654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469555)"; flow:established,from_client; content:"GET"; http_method; content:"/1741242061_210c9e85f9745846cb8e6b82d2ec5c7a/firmware.safe.armv5l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469555/; classtype:trojan-activity;sid:84332655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469556)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mdukejrpevrjtaf8qjouhxmh7xldbbspza"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469556/; classtype:trojan-activity;sid:84332656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469557)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/y4com46urtkfafg7vowxnj6spso9ytwu4q"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469557/; classtype:trojan-activity;sid:84332657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469558)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/j5pf2urafrirxfbsnk6wcqg8sfohfacw0f"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469558/; classtype:trojan-activity;sid:84332658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469559)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mcwmh8qlgsvqzzvbyfrmovyxdsv25klh75"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469559/; classtype:trojan-activity;sid:84332659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469524/; classtype:trojan-activity;sid:84332624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469525)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/59ft4e3ueml9ogfei4nhepdl9v4liwzvzv"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469525/; classtype:trojan-activity;sid:84332625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469526)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/obtrzbxmz0glfcr0bk23moxr4k1lgukj5q"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469526/; classtype:trojan-activity;sid:84332626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469527)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/z9gdbmipot1cyxtsxr4dyxgfzqoawh2upr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469527/; classtype:trojan-activity;sid:84332627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469528)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469528/; classtype:trojan-activity;sid:84332628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469529)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wk7vtkwcveeqjudhbbxeybpypx8akzxutr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469529/; classtype:trojan-activity;sid:84332629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469530)"; flow:established,from_client; content:"GET"; http_method; content:"/t/arm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469530/; classtype:trojan-activity;sid:84332630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469531)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469531/; classtype:trojan-activity;sid:84332631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469532)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/7qhc5pmeh9tttnrsszuzwwcur8ig80hgfa"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469532/; classtype:trojan-activity;sid:84332632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469533)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/y4com46urtkfafg7vowxnj6spso9ytwu4q"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"37.44.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469533/; classtype:trojan-activity;sid:84332633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469534)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469534/; classtype:trojan-activity;sid:84332634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469535)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469535/; classtype:trojan-activity;sid:84332635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469523)"; flow:established,from_client; content:"GET"; http_method; content:"/1741242061_210c9e85f9745846cb8e6b82d2ec5c7a/firmware.safe.armv6l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469523/; classtype:trojan-activity;sid:84332623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.armv7l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469521/; classtype:trojan-activity;sid:84332621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469522/; classtype:trojan-activity;sid:84332622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469516)"; flow:established,from_client; content:"GET"; http_method; content:"/1741242061_210c9e85f9745846cb8e6b82d2ec5c7a/firmware.safe.mipsel"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469516/; classtype:trojan-activity;sid:84332616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469517)"; flow:established,from_client; content:"GET"; http_method; content:"/1741242061_210c9e85f9745846cb8e6b82d2ec5c7a/firmware.safe.armv7l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469517/; classtype:trojan-activity;sid:84332617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469518)"; flow:established,from_client; content:"GET"; http_method; content:"/1741242061_210c9e85f9745846cb8e6b82d2ec5c7a/firmware.safe.mips"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469518/; classtype:trojan-activity;sid:84332618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469519/; classtype:trojan-activity;sid:84332619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469520/; classtype:trojan-activity;sid:84332620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.armv4l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469508/; classtype:trojan-activity;sid:84332608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.i586"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469509/; classtype:trojan-activity;sid:84332609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469510/; classtype:trojan-activity;sid:84332610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469511/; classtype:trojan-activity;sid:84332611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.armv6l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469512/; classtype:trojan-activity;sid:84332612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.armv5l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469513/; classtype:trojan-activity;sid:84332613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469514)"; flow:established,from_client; content:"GET"; http_method; content:"/1741242061_210c9e85f9745846cb8e6b82d2ec5c7a/firmware.safe.armv4l"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469514/; classtype:trojan-activity;sid:84332614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469515)"; flow:established,from_client; content:"GET"; http_method; content:"/1741242061_210c9e85f9745846cb8e6b82d2ec5c7a/firmware.safe.mips.dbg"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"45.38.42.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469515/; classtype:trojan-activity;sid:84332615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.95.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469507/; classtype:trojan-activity;sid:84332607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469506/; classtype:trojan-activity;sid:84332606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.72.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469505/; classtype:trojan-activity;sid:84332605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.65.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469504/; classtype:trojan-activity;sid:84332604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.22.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469503/; classtype:trojan-activity;sid:84332603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.53.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469502/; classtype:trojan-activity;sid:84332602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.54.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469501/; classtype:trojan-activity;sid:84332601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469500)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.hoqud.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469500/; classtype:trojan-activity;sid:84332600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.144.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469499/; classtype:trojan-activity;sid:84332599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.156.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469498/; classtype:trojan-activity;sid:84332598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.188.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469497/; classtype:trojan-activity;sid:84332597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.95.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469496/; classtype:trojan-activity;sid:84332596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.144.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469495/; classtype:trojan-activity;sid:84332595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.194.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469494/; classtype:trojan-activity;sid:84332594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.36.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469493/; classtype:trojan-activity;sid:84332593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469491)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5984147365/ssj1szq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469491/; classtype:trojan-activity;sid:84332591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469492)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7212159662/hmngbpr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469492/; classtype:trojan-activity;sid:84332592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.65.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469489/; classtype:trojan-activity;sid:84332589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469490)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5419477542/adfoyxp.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469490/; classtype:trojan-activity;sid:84332590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469486)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5149365135/ji5e4ie.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469486/; classtype:trojan-activity;sid:84332586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469487)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8032894631/9huddvk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469487/; classtype:trojan-activity;sid:84332587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469488)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6416878235/avkilpk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469488/; classtype:trojan-activity;sid:84332588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469485/; classtype:trojan-activity;sid:84332585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469484/; classtype:trojan-activity;sid:84332584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469482)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1203326979/lc0cogv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469482/; classtype:trojan-activity;sid:84332582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469483)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.luzog.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469483/; classtype:trojan-activity;sid:84332583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469481/; classtype:trojan-activity;sid:84332581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.142.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469479/; classtype:trojan-activity;sid:84332579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.75.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469480/; classtype:trojan-activity;sid:84332580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.183.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469478/; classtype:trojan-activity;sid:84332578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.46.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469477/; classtype:trojan-activity;sid:84332577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.85.33.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469476/; classtype:trojan-activity;sid:84332576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.85.33.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469474/; classtype:trojan-activity;sid:84332574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.135.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469475/; classtype:trojan-activity;sid:84332575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.70.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469473/; classtype:trojan-activity;sid:84332573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.194.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469472/; classtype:trojan-activity;sid:84332572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.53.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469471/; classtype:trojan-activity;sid:84332571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.60.183.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469470/; classtype:trojan-activity;sid:84332570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.121.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469469/; classtype:trojan-activity;sid:84332569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469468)"; flow:established,from_client; content:"GET"; http_method; content:"/freshhhhhhmanagersssss.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"192.3.220.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469468/; classtype:trojan-activity;sid:84332568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.75.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469467/; classtype:trojan-activity;sid:84332567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.11.97"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469466/; classtype:trojan-activity;sid:84332566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.108.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469464/; classtype:trojan-activity;sid:84332564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469465/; classtype:trojan-activity;sid:84332565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.92.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469463/; classtype:trojan-activity;sid:84332563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.128.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469462/; classtype:trojan-activity;sid:84332562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.70.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469461/; classtype:trojan-activity;sid:84332561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469458)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/trw.ppc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"23.146.184.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469458/; classtype:trojan-activity;sid:84332558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469459)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/trw.arc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"23.146.184.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469459/; classtype:trojan-activity;sid:84332559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469460)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.146.184.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469460/; classtype:trojan-activity;sid:84332560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.203.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469457/; classtype:trojan-activity;sid:84332557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.46.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469456/; classtype:trojan-activity;sid:84332556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.203.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469455/; classtype:trojan-activity;sid:84332555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469454/; classtype:trojan-activity;sid:84332554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469453)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.huhop.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469453/; classtype:trojan-activity;sid:84332553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.108.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469452/; classtype:trojan-activity;sid:84332552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469451)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469451/; classtype:trojan-activity;sid:84332551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469439)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469439/; classtype:trojan-activity;sid:84332539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469440)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469440/; classtype:trojan-activity;sid:84332540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469441)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469441/; classtype:trojan-activity;sid:84332541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469442)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469442/; classtype:trojan-activity;sid:84332542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469443)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469443/; classtype:trojan-activity;sid:84332543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469444)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469444/; classtype:trojan-activity;sid:84332544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469445)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469445/; classtype:trojan-activity;sid:84332545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469446)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469446/; classtype:trojan-activity;sid:84332546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469447)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469447/; classtype:trojan-activity;sid:84332547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469448)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469448/; classtype:trojan-activity;sid:84332548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469449)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469449/; classtype:trojan-activity;sid:84332549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469450)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469450/; classtype:trojan-activity;sid:84332550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469369)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469369/; classtype:trojan-activity;sid:84332469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469370)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469370/; classtype:trojan-activity;sid:84332470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469371)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469371/; classtype:trojan-activity;sid:84332471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469372)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469372/; classtype:trojan-activity;sid:84332472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469373)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469373/; classtype:trojan-activity;sid:84332473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469374)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469374/; classtype:trojan-activity;sid:84332474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469375)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469375/; classtype:trojan-activity;sid:84332475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469376)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469376/; classtype:trojan-activity;sid:84332476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469377)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469377/; classtype:trojan-activity;sid:84332477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469378)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469378/; classtype:trojan-activity;sid:84332478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469379)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469379/; classtype:trojan-activity;sid:84332479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469380)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469380/; classtype:trojan-activity;sid:84332480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469381)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469381/; classtype:trojan-activity;sid:84332481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469382)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469382/; classtype:trojan-activity;sid:84332482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469383)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469383/; classtype:trojan-activity;sid:84332483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469384)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469384/; classtype:trojan-activity;sid:84332484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469385)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469385/; classtype:trojan-activity;sid:84332485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469386)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469386/; classtype:trojan-activity;sid:84332486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469387)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469387/; classtype:trojan-activity;sid:84332487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469388)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469388/; classtype:trojan-activity;sid:84332488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469389)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469389/; classtype:trojan-activity;sid:84332489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469390)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469390/; classtype:trojan-activity;sid:84332490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469391)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469391/; classtype:trojan-activity;sid:84332491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469392)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469392/; classtype:trojan-activity;sid:84332492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469393)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469393/; classtype:trojan-activity;sid:84332493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469394)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469394/; classtype:trojan-activity;sid:84332494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469395)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469395/; classtype:trojan-activity;sid:84332495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469396)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469396/; classtype:trojan-activity;sid:84332496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469397)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469397/; classtype:trojan-activity;sid:84332497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469398)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469398/; classtype:trojan-activity;sid:84332498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469399)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469399/; classtype:trojan-activity;sid:84332499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469400)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469400/; classtype:trojan-activity;sid:84332500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469401)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469401/; classtype:trojan-activity;sid:84332501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469402)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469402/; classtype:trojan-activity;sid:84332502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469403)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469403/; classtype:trojan-activity;sid:84332503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469404)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469404/; classtype:trojan-activity;sid:84332504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469405)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469405/; classtype:trojan-activity;sid:84332505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469406)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469406/; classtype:trojan-activity;sid:84332506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469407)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469407/; classtype:trojan-activity;sid:84332507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469408)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469408/; classtype:trojan-activity;sid:84332508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469409)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469409/; classtype:trojan-activity;sid:84332509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469410)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469410/; classtype:trojan-activity;sid:84332510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469411)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469411/; classtype:trojan-activity;sid:84332511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469412)"; flow:established,from_client; content:"GET"; http_method; content:"/h"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469412/; classtype:trojan-activity;sid:84332512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469413)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469413/; classtype:trojan-activity;sid:84332513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469414)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469414/; classtype:trojan-activity;sid:84332514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469415)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469415/; classtype:trojan-activity;sid:84332515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469416)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469416/; classtype:trojan-activity;sid:84332516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469417)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469417/; classtype:trojan-activity;sid:84332517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469418)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469418/; classtype:trojan-activity;sid:84332518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469419)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469419/; classtype:trojan-activity;sid:84332519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469420)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469420/; classtype:trojan-activity;sid:84332520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469421)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469421/; classtype:trojan-activity;sid:84332521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469422)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469422/; classtype:trojan-activity;sid:84332522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469423)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469423/; classtype:trojan-activity;sid:84332523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469424)"; flow:established,from_client; content:"GET"; http_method; content:"/h"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469424/; classtype:trojan-activity;sid:84332524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469425)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469425/; classtype:trojan-activity;sid:84332525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469426)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469426/; classtype:trojan-activity;sid:84332526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469427)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469427/; classtype:trojan-activity;sid:84332527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469428)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469428/; classtype:trojan-activity;sid:84332528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469429)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469429/; classtype:trojan-activity;sid:84332529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469430)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469430/; classtype:trojan-activity;sid:84332530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469431)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469431/; classtype:trojan-activity;sid:84332531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469432)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469432/; classtype:trojan-activity;sid:84332532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469433)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469433/; classtype:trojan-activity;sid:84332533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469434)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469434/; classtype:trojan-activity;sid:84332534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469435)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469435/; classtype:trojan-activity;sid:84332535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469436)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469436/; classtype:trojan-activity;sid:84332536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469437)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469437/; classtype:trojan-activity;sid:84332537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469438)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469438/; classtype:trojan-activity;sid:84332538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.205.84.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469368/; classtype:trojan-activity;sid:84332468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.160.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469367/; classtype:trojan-activity;sid:84332467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469366/; classtype:trojan-activity;sid:84332466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.200.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469365/; classtype:trojan-activity;sid:84332465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.100.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469364/; classtype:trojan-activity;sid:84332464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.146.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469363/; classtype:trojan-activity;sid:84332463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.26.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469362/; classtype:trojan-activity;sid:84332462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.37.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469361/; classtype:trojan-activity;sid:84332461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.160.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469360/; classtype:trojan-activity;sid:84332460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.88.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469359/; classtype:trojan-activity;sid:84332459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.123.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469357/; classtype:trojan-activity;sid:84332457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.243.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469358/; classtype:trojan-activity;sid:84332458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.50.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469356/; classtype:trojan-activity;sid:84332456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.22.123.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469355/; classtype:trojan-activity;sid:84332455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.55.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469354/; classtype:trojan-activity;sid:84332454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.221.90.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469353/; classtype:trojan-activity;sid:84332453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.187.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469351/; classtype:trojan-activity;sid:84332451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.100.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469352/; classtype:trojan-activity;sid:84332452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.146.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469350/; classtype:trojan-activity;sid:84332450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.102.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469349/; classtype:trojan-activity;sid:84332449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.250.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469348/; classtype:trojan-activity;sid:84332448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.88.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469347/; classtype:trojan-activity;sid:84332447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.123.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469346/; classtype:trojan-activity;sid:84332446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.52.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469345/; classtype:trojan-activity;sid:84332445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.96.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469344/; classtype:trojan-activity;sid:84332444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.71.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469342/; classtype:trojan-activity;sid:84332442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.168.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469343/; classtype:trojan-activity;sid:84332443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.96.217"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469339/; classtype:trojan-activity;sid:84332439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.148.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469340/; classtype:trojan-activity;sid:84332440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.88.141.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469341/; classtype:trojan-activity;sid:84332441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469338/; classtype:trojan-activity;sid:84332438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.32.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469337/; classtype:trojan-activity;sid:84332437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.253.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469335/; classtype:trojan-activity;sid:84332435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.109.47.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469336/; classtype:trojan-activity;sid:84332436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.215.4.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469333/; classtype:trojan-activity;sid:84332433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469334/; classtype:trojan-activity;sid:84332434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469332/; classtype:trojan-activity;sid:84332432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.253.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469329/; classtype:trojan-activity;sid:84332429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.190.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469330/; classtype:trojan-activity;sid:84332430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.231.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469331/; classtype:trojan-activity;sid:84332431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.250.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469328/; classtype:trojan-activity;sid:84332428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.221.90.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469327/; classtype:trojan-activity;sid:84332427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.144.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469326/; classtype:trojan-activity;sid:84332426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.210.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469325/; classtype:trojan-activity;sid:84332425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.20.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469324/; classtype:trojan-activity;sid:84332424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.90.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469323/; classtype:trojan-activity;sid:84332423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469322)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/1du0vgjs5h2gnjt/after_work.mp3/file"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469322/; classtype:trojan-activity;sid:84332422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.164.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469321/; classtype:trojan-activity;sid:84332421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.203.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469320/; classtype:trojan-activity;sid:84332420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.210.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469319/; classtype:trojan-activity;sid:84332419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.214.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469318/; classtype:trojan-activity;sid:84332418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.164.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469317/; classtype:trojan-activity;sid:84332417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.20.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469316/; classtype:trojan-activity;sid:84332416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.128.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469315/; classtype:trojan-activity;sid:84332415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.203.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469314/; classtype:trojan-activity;sid:84332414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.9.41.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469313/; classtype:trojan-activity;sid:84332413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469312)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.221.85.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469312/; classtype:trojan-activity;sid:84332412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.219.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469311/; classtype:trojan-activity;sid:84332411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.161.47.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469310/; classtype:trojan-activity;sid:84332410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.145.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469309/; classtype:trojan-activity;sid:84332409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.66.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469307/; classtype:trojan-activity;sid:84332407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.33.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469308/; classtype:trojan-activity;sid:84332408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"74.118.118.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469306/; classtype:trojan-activity;sid:84332406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.116.122.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469305/; classtype:trojan-activity;sid:84332405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.115.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469304/; classtype:trojan-activity;sid:84332404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.41.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469303/; classtype:trojan-activity;sid:84332403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.219.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469302/; classtype:trojan-activity;sid:84332402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.161.47.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469301/; classtype:trojan-activity;sid:84332401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469300/; classtype:trojan-activity;sid:84332400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.77.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469299/; classtype:trojan-activity;sid:84332399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.145.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469297/; classtype:trojan-activity;sid:84332397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.23.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469298/; classtype:trojan-activity;sid:84332398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.156.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469296/; classtype:trojan-activity;sid:84332396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.179.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469295/; classtype:trojan-activity;sid:84332395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469294)"; flow:established,from_client; content:"GET"; http_method; content:"/t/mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.153.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469294/; classtype:trojan-activity;sid:84332394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.168.222.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469293/; classtype:trojan-activity;sid:84332393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.118.118.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469292/; classtype:trojan-activity;sid:84332392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469291)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.zoxog.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469291/; classtype:trojan-activity;sid:84332391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.115.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469290/; classtype:trojan-activity;sid:84332390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469289/; classtype:trojan-activity;sid:84332389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.116.122.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469288/; classtype:trojan-activity;sid:84332388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.168.222.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469287/; classtype:trojan-activity;sid:84332387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.23.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469286/; classtype:trojan-activity;sid:84332386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.182.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469285/; classtype:trojan-activity;sid:84332385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.255.247.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469284/; classtype:trojan-activity;sid:84332384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.77.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469283/; classtype:trojan-activity;sid:84332383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.221.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469282/; classtype:trojan-activity;sid:84332382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.81.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469281/; classtype:trojan-activity;sid:84332381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.156.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469280/; classtype:trojan-activity;sid:84332380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.156.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469279/; classtype:trojan-activity;sid:84332379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.182.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469278/; classtype:trojan-activity;sid:84332378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469277)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/uheqjgkognjjihs/after_work.mp3/file"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469277/; classtype:trojan-activity;sid:84332377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.155.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469276/; classtype:trojan-activity;sid:84332376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.203.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469275/; classtype:trojan-activity;sid:84332375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.61.230.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469274/; classtype:trojan-activity;sid:84332374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.174.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469273/; classtype:trojan-activity;sid:84332373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.156.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469272/; classtype:trojan-activity;sid:84332372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.180.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469271/; classtype:trojan-activity;sid:84332371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.81.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469270/; classtype:trojan-activity;sid:84332370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.182.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469269/; classtype:trojan-activity;sid:84332369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.215.4.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469268/; classtype:trojan-activity;sid:84332368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469267/; classtype:trojan-activity;sid:84332367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.212.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469266/; classtype:trojan-activity;sid:84332366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469265/; classtype:trojan-activity;sid:84332365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.215.4.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469264/; classtype:trojan-activity;sid:84332364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.180.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469263/; classtype:trojan-activity;sid:84332363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.25.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469262/; classtype:trojan-activity;sid:84332362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.98.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469258/; classtype:trojan-activity;sid:84332358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469259/; classtype:trojan-activity;sid:84332359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.136.253.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469260/; classtype:trojan-activity;sid:84332360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.168.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469261/; classtype:trojan-activity;sid:84332361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.22.5.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469252/; classtype:trojan-activity;sid:84332352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.85.37.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469253/; classtype:trojan-activity;sid:84332353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.36.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469254/; classtype:trojan-activity;sid:84332354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.22.122.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469255/; classtype:trojan-activity;sid:84332355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.52.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469256/; classtype:trojan-activity;sid:84332356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.208.131.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469257/; classtype:trojan-activity;sid:84332357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.68.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469251/; classtype:trojan-activity;sid:84332351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.144.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469250/; classtype:trojan-activity;sid:84332350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.212.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469249/; classtype:trojan-activity;sid:84332349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.89.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469247/; classtype:trojan-activity;sid:84332347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.116.244.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469248/; classtype:trojan-activity;sid:84332348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469246/; classtype:trojan-activity;sid:84332346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.85.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469245/; classtype:trojan-activity;sid:84332345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.174.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469244/; classtype:trojan-activity;sid:84332344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.50.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469243/; classtype:trojan-activity;sid:84332343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.212.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469242/; classtype:trojan-activity;sid:84332342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.212.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469241/; classtype:trojan-activity;sid:84332341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.75.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469240/; classtype:trojan-activity;sid:84332340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.48.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469239/; classtype:trojan-activity;sid:84332339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469238)"; flow:established,from_client; content:"GET"; http_method; content:"/img.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dashing-cassata-b94dd5.netlify.app"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469238/; classtype:trojan-activity;sid:84332338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.100.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469237/; classtype:trojan-activity;sid:84332337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.97.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469236/; classtype:trojan-activity;sid:84332336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.18.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469235/; classtype:trojan-activity;sid:84332335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.3.111"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469234/; classtype:trojan-activity;sid:84332334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.100.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469232/; classtype:trojan-activity;sid:84332332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.84.212.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469233/; classtype:trojan-activity;sid:84332333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.4.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469231/; classtype:trojan-activity;sid:84332331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.27.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469230/; classtype:trojan-activity;sid:84332330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.193.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469229/; classtype:trojan-activity;sid:84332329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.105.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469228/; classtype:trojan-activity;sid:84332328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.97.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469227/; classtype:trojan-activity;sid:84332327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.175.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469226/; classtype:trojan-activity;sid:84332326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469225)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.hoxif.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469225/; classtype:trojan-activity;sid:84332325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.193.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469224/; classtype:trojan-activity;sid:84332324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.93.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469223/; classtype:trojan-activity;sid:84332323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.4.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469221/; classtype:trojan-activity;sid:84332321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.234.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469222/; classtype:trojan-activity;sid:84332322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.81.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469220/; classtype:trojan-activity;sid:84332320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.105.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469219/; classtype:trojan-activity;sid:84332319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.47.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469218/; classtype:trojan-activity;sid:84332318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469217)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/8azufpfpc54uyhf/lonely_piano.mp3/file"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469217/; classtype:trojan-activity;sid:84332317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.175.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469216/; classtype:trojan-activity;sid:84332316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469215/; classtype:trojan-activity;sid:84332315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.127.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469214/; classtype:trojan-activity;sid:84332314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.15.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469213/; classtype:trojan-activity;sid:84332313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.54.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469212/; classtype:trojan-activity;sid:84332312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469204)"; flow:established,from_client; content:"GET"; http_method; content:"/sign-in|3f|op_token=zxj81egvvyxv0ackyaqounlo3mm9it2qznk5un3prm3bpcmgscwf1dghvcml6zroaahr0chm6ly9hzg1pbi5ib29raw5nlmnvbs8qonsiyxv0af9hdhrlbxb0x2lkijoiyjezzgnlmjqtmgm5os00yjjllthiogutnji0njlln2y1zgq5in0yk1lhoetpzgcwyxpls1n1og5vz25uq3psci1mykt5txfxavnwannsmjv4wnm6bfmyntzcbgnvzguqezcsipujlk4nogbcafjd1nxosdi"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"booking.guestitemsfound.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469204/; classtype:trojan-activity;sid:84332304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469205)"; flow:established,from_client; content:"GET"; http_method; content:"/urtlxiuqfsgpeoeb.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"s02-welcome.cfd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469205/; classtype:trojan-activity;sid:84332305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469208)"; flow:established,from_client; content:"GET"; http_method; content:"/sign-in|3f|op_token=zxj81egvvyxv0ackyaqounlo3mm9it2qznk5un3prm3bpcmgscwf1dghvcml6zroaahr0chm6ly9hzg1pbi5ib29raw5nlmnvbs8qonsiyxv0af9hdhrlbxb0x2lkijoiyjezzgnlmjqtmgm5os00yjjllthiogutnji0njlln2y1zgq5in0yk1lhoetpzgcwyxpls1n1og5vz25uq3psci1mykt5txfxavnwannsmjv4wnm6bfmyntzcbgnvzguqezcsipujlk4nogbcafjd1nxosdi"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"booking.guestdocfound.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469208/; classtype:trojan-activity;sid:84332308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.33.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469203/; classtype:trojan-activity;sid:84332303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.47.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469202/; classtype:trojan-activity;sid:84332302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.226.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469201/; classtype:trojan-activity;sid:84332301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.95.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469200/; classtype:trojan-activity;sid:84332300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.15.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469199/; classtype:trojan-activity;sid:84332299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.105.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469198/; classtype:trojan-activity;sid:84332298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.52.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469197/; classtype:trojan-activity;sid:84332297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.127.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469196/; classtype:trojan-activity;sid:84332296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.36.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469195/; classtype:trojan-activity;sid:84332295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.207.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469194/; classtype:trojan-activity;sid:84332294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.226.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469193/; classtype:trojan-activity;sid:84332293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469192)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/ofsnrwsc.pdf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469192/; classtype:trojan-activity;sid:84332292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469190)"; flow:established,from_client; content:"GET"; http_method; content:"/nby/qbkdeavtqv.pdf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469190/; classtype:trojan-activity;sid:84332290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469191)"; flow:established,from_client; content:"GET"; http_method; content:"/nby/pdljaqda.mp4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469191/; classtype:trojan-activity;sid:84332291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469189)"; flow:established,from_client; content:"GET"; http_method; content:"/slo.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"zevikon.sa.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469189/; classtype:trojan-activity;sid:84332289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469186)"; flow:established,from_client; content:"GET"; http_method; content:"/whkdpomrcdbpykpqnfbx171.bin"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"109.248.144.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469186/; classtype:trojan-activity;sid:84332286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469187)"; flow:established,from_client; content:"GET"; http_method; content:"/jebeykyffyuweia235.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.92.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469187/; classtype:trojan-activity;sid:84332287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.169.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469188/; classtype:trojan-activity;sid:84332288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.136.253.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469185/; classtype:trojan-activity;sid:84332285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469182)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6003232782/pcaivj0.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469182/; classtype:trojan-activity;sid:84332282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.226.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469183/; classtype:trojan-activity;sid:84332283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469184)"; flow:established,from_client; content:"GET"; http_method; content:"/files/748049926/nhdltpt.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469184/; classtype:trojan-activity;sid:84332284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.0.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469181/; classtype:trojan-activity;sid:84332281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469180)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6334933365/ce4pmzk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469180/; classtype:trojan-activity;sid:84332280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.15.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469179/; classtype:trojan-activity;sid:84332279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.95.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469178/; classtype:trojan-activity;sid:84332278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.110.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469177/; classtype:trojan-activity;sid:84332277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.242.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469176/; classtype:trojan-activity;sid:84332276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.219.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469175/; classtype:trojan-activity;sid:84332275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.70.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469174/; classtype:trojan-activity;sid:84332274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.11.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469173/; classtype:trojan-activity;sid:84332273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.207.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469172/; classtype:trojan-activity;sid:84332272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469171/; classtype:trojan-activity;sid:84332271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469169/; classtype:trojan-activity;sid:84332269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.105.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469170/; classtype:trojan-activity;sid:84332270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.46.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469167/; classtype:trojan-activity;sid:84332267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.165.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469168/; classtype:trojan-activity;sid:84332268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.169.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469166/; classtype:trojan-activity;sid:84332266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.136.253.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469165/; classtype:trojan-activity;sid:84332265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.35.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469164/; classtype:trojan-activity;sid:84332264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469163)"; flow:established,from_client; content:"GET"; http_method; content:"/please-subscribe-to-my-yt-channel-vegasec/1isequal9.sh4"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"103.83.86.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469163/; classtype:trojan-activity;sid:84332263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469162)"; flow:established,from_client; content:"GET"; http_method; content:"/please-subscribe-to-my-yt-channel-vegasec/1isequal9.arm6"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"103.83.86.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469162/; classtype:trojan-activity;sid:84332262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469156)"; flow:established,from_client; content:"GET"; http_method; content:"/please-subscribe-to-my-yt-channel-vegasec/1isequal9.arm5"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"103.83.86.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469156/; classtype:trojan-activity;sid:84332256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469157)"; flow:established,from_client; content:"GET"; http_method; content:"/please-subscribe-to-my-yt-channel-vegasec/1isequal9.arm7"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"103.83.86.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469157/; classtype:trojan-activity;sid:84332257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469158)"; flow:established,from_client; content:"GET"; http_method; content:"/please-subscribe-to-my-yt-channel-vegasec/1isequal9.arc"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"103.83.86.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469158/; classtype:trojan-activity;sid:84332258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469159)"; flow:established,from_client; content:"GET"; http_method; content:"/please-subscribe-to-my-yt-channel-vegasec/1isequal9.i686"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"103.83.86.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469159/; classtype:trojan-activity;sid:84332259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469160)"; flow:established,from_client; content:"GET"; http_method; content:"/please-subscribe-to-my-yt-channel-vegasec/1isequal9.ppc"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"103.83.86.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469160/; classtype:trojan-activity;sid:84332260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469161)"; flow:established,from_client; content:"GET"; http_method; content:"/please-subscribe-to-my-yt-channel-vegasec/1isequal9.x86_64"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.83.86.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469161/; classtype:trojan-activity;sid:84332261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469154)"; flow:established,from_client; content:"GET"; http_method; content:"/part/1setup2847_sys_work.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"89.185.80.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469154/; classtype:trojan-activity;sid:84332254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469155)"; flow:established,from_client; content:"GET"; http_method; content:"/part/setup6541.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.185.80.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469155/; classtype:trojan-activity;sid:84332255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469152)"; flow:established,from_client; content:"GET"; http_method; content:"/teambuild/bt.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"212.67.17.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469152/; classtype:trojan-activity;sid:84332252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469153)"; flow:established,from_client; content:"GET"; http_method; content:"/please-subscribe-to-my-yt-channel-vegasec/1isequal9.spc"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"103.83.86.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469153/; classtype:trojan-activity;sid:84332253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469148)"; flow:established,from_client; content:"GET"; http_method; content:"/please-subscribe-to-my-yt-channel-vegasec/1isequal9.m68k"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"103.83.86.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469148/; classtype:trojan-activity;sid:84332248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469149)"; flow:established,from_client; content:"GET"; http_method; content:"/please-subscribe-to-my-yt-channel-vegasec/1isequal9.mpsl"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"103.83.86.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469149/; classtype:trojan-activity;sid:84332249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469150)"; flow:established,from_client; content:"GET"; http_method; content:"/part/2setup2847_user_work.msi"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"89.185.80.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469150/; classtype:trojan-activity;sid:84332250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469151)"; flow:established,from_client; content:"GET"; http_method; content:"/part/setup5168.msi_"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.185.80.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469151/; classtype:trojan-activity;sid:84332251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469142)"; flow:established,from_client; content:"GET"; http_method; content:"/please-subscribe-to-my-yt-channel-vegasec/1isequal9.arm"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"103.83.86.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469142/; classtype:trojan-activity;sid:84332242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.144.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469143/; classtype:trojan-activity;sid:84332243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469144)"; flow:established,from_client; content:"GET"; http_method; content:"/part/setup5168.msi_2detect"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"89.185.80.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469144/; classtype:trojan-activity;sid:84332244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469145)"; flow:established,from_client; content:"GET"; http_method; content:"/please-subscribe-to-my-yt-channel-vegasec/1isequal9.x86"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"103.83.86.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469145/; classtype:trojan-activity;sid:84332245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469146)"; flow:established,from_client; content:"GET"; http_method; content:"/please-subscribe-to-my-yt-channel-vegasec/1isequal9.mips"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"103.83.86.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469146/; classtype:trojan-activity;sid:84332246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469147)"; flow:established,from_client; content:"GET"; http_method; content:"/please-subscribe-to-my-yt-channel-vegasec/1isequal9.i486"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"103.83.86.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469147/; classtype:trojan-activity;sid:84332247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469141)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ex0z94e1lritzngiydv500frrcvqhu7h"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469141/; classtype:trojan-activity;sid:84332241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469134)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.zte"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.213.174.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469134/; classtype:trojan-activity;sid:84332234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469135)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469135/; classtype:trojan-activity;sid:84332235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469136)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"65.1.83.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469136/; classtype:trojan-activity;sid:84332236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469137)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.213.174.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469137/; classtype:trojan-activity;sid:84332237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469138)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.i486"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469138/; classtype:trojan-activity;sid:84332238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469139)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.213.174.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469139/; classtype:trojan-activity;sid:84332239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469140)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"89.213.174.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469140/; classtype:trojan-activity;sid:84332240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.11.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469133/; classtype:trojan-activity;sid:84332233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469132/; classtype:trojan-activity;sid:84332232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.70.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469131/; classtype:trojan-activity;sid:84332231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.165.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469130/; classtype:trojan-activity;sid:84332230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.77.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469129/; classtype:trojan-activity;sid:84332229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.46.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469128/; classtype:trojan-activity;sid:84332228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.35.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469127/; classtype:trojan-activity;sid:84332227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.241.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469126/; classtype:trojan-activity;sid:84332226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.105.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469125/; classtype:trojan-activity;sid:84332225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.214.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469124/; classtype:trojan-activity;sid:84332224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.199.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469123/; classtype:trojan-activity;sid:84332223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.208.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469122/; classtype:trojan-activity;sid:84332222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.144.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469121/; classtype:trojan-activity;sid:84332221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.90.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469120/; classtype:trojan-activity;sid:84332220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.218.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469119/; classtype:trojan-activity;sid:84332219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.207.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469118/; classtype:trojan-activity;sid:84332218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.205.84.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469117/; classtype:trojan-activity;sid:84332217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.208.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469116/; classtype:trojan-activity;sid:84332216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.207.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469115/; classtype:trojan-activity;sid:84332215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.218.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469114/; classtype:trojan-activity;sid:84332214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.65.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469113/; classtype:trojan-activity;sid:84332213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.24.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469112/; classtype:trojan-activity;sid:84332212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.92.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469111/; classtype:trojan-activity;sid:84332211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.142.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469110/; classtype:trojan-activity;sid:84332210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.133.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469108/; classtype:trojan-activity;sid:84332208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.187.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469109/; classtype:trojan-activity;sid:84332209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.9.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469107/; classtype:trojan-activity;sid:84332207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.80.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469106/; classtype:trojan-activity;sid:84332206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.9.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469105/; classtype:trojan-activity;sid:84332205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469103)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.jojeg.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469103/; classtype:trojan-activity;sid:84332203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.156.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469104/; classtype:trojan-activity;sid:84332204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.91.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469102/; classtype:trojan-activity;sid:84332202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.50.168.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469101/; classtype:trojan-activity;sid:84332201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.123.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469100/; classtype:trojan-activity;sid:84332200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.50.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469099/; classtype:trojan-activity;sid:84332199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.142.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469098/; classtype:trojan-activity;sid:84332198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.80.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469097/; classtype:trojan-activity;sid:84332197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.80.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469096/; classtype:trojan-activity;sid:84332196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469095)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.183.29.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469095/; classtype:trojan-activity;sid:84332195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.212.33.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469094/; classtype:trojan-activity;sid:84332194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.159.91.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469093/; classtype:trojan-activity;sid:84332193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.213.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469092/; classtype:trojan-activity;sid:84332192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.133.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469090/; classtype:trojan-activity;sid:84332190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.225.23.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469091/; classtype:trojan-activity;sid:84332191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.123.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469089/; classtype:trojan-activity;sid:84332189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.50.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469088/; classtype:trojan-activity;sid:84332188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.91.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469087/; classtype:trojan-activity;sid:84332187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.209.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469086/; classtype:trojan-activity;sid:84332186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.203.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469085/; classtype:trojan-activity;sid:84332185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.130.231.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469084/; classtype:trojan-activity;sid:84332184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.253.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469083/; classtype:trojan-activity;sid:84332183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.186.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469082/; classtype:trojan-activity;sid:84332182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.82.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469081/; classtype:trojan-activity;sid:84332181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.13.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469080/; classtype:trojan-activity;sid:84332180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.31.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469079/; classtype:trojan-activity;sid:84332179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469078/; classtype:trojan-activity;sid:84332178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.72.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469077/; classtype:trojan-activity;sid:84332177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.159.91.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469076/; classtype:trojan-activity;sid:84332176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.48.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469075/; classtype:trojan-activity;sid:84332175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.223.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469074/; classtype:trojan-activity;sid:84332174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.13.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469073/; classtype:trojan-activity;sid:84332173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.252.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469072/; classtype:trojan-activity;sid:84332172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.123.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469071/; classtype:trojan-activity;sid:84332171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.124.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469069/; classtype:trojan-activity;sid:84332169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469070/; classtype:trojan-activity;sid:84332170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.49.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469068/; classtype:trojan-activity;sid:84332168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.166.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469067/; classtype:trojan-activity;sid:84332167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.23.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469066/; classtype:trojan-activity;sid:84332166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.48.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469065/; classtype:trojan-activity;sid:84332165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.130.231.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469064/; classtype:trojan-activity;sid:84332164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.32.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469063/; classtype:trojan-activity;sid:84332163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.41.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469062/; classtype:trojan-activity;sid:84332162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.252.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469061/; classtype:trojan-activity;sid:84332161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.247.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469060/; classtype:trojan-activity;sid:84332160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.223.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469059/; classtype:trojan-activity;sid:84332159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469058)"; flow:established,from_client; content:"GET"; http_method; content:"/.j/sus"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.245.112.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469058/; classtype:trojan-activity;sid:84332158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.240.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469057/; classtype:trojan-activity;sid:84332157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.26.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469056/; classtype:trojan-activity;sid:84332156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.247.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469055/; classtype:trojan-activity;sid:84332155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.42.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469054/; classtype:trojan-activity;sid:84332154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.26.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469052/; classtype:trojan-activity;sid:84332152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.202.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469053/; classtype:trojan-activity;sid:84332153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.236.194.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469051/; classtype:trojan-activity;sid:84332151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.250.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469050/; classtype:trojan-activity;sid:84332150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.43.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469049/; classtype:trojan-activity;sid:84332149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.101.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469048/; classtype:trojan-activity;sid:84332148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469047)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469047/; classtype:trojan-activity;sid:84332147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469045)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469045/; classtype:trojan-activity;sid:84332145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469046)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469046/; classtype:trojan-activity;sid:84332146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469044)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469044/; classtype:trojan-activity;sid:84332144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469043)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469043/; classtype:trojan-activity;sid:84332143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469041)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469041/; classtype:trojan-activity;sid:84332141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469042/; classtype:trojan-activity;sid:84332142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.153.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469040/; classtype:trojan-activity;sid:84332140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.36.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469039/; classtype:trojan-activity;sid:84332139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.70.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469038/; classtype:trojan-activity;sid:84332138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.67.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469037/; classtype:trojan-activity;sid:84332137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.43.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469036/; classtype:trojan-activity;sid:84332136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.250.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469035/; classtype:trojan-activity;sid:84332135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.43.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469034/; classtype:trojan-activity;sid:84332134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.236.194.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469033/; classtype:trojan-activity;sid:84332133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.137.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469032/; classtype:trojan-activity;sid:84332132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.43.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469030/; classtype:trojan-activity;sid:84332130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469031/; classtype:trojan-activity;sid:84332131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469028/; classtype:trojan-activity;sid:84332128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.153.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469029/; classtype:trojan-activity;sid:84332129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.191.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469027/; classtype:trojan-activity;sid:84332127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.227.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469023/; classtype:trojan-activity;sid:84332123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469024/; classtype:trojan-activity;sid:84332124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.123.228.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469025/; classtype:trojan-activity;sid:84332125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.36.0.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469026/; classtype:trojan-activity;sid:84332126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.135.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469022/; classtype:trojan-activity;sid:84332122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.89.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469021/; classtype:trojan-activity;sid:84332121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.180.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469020/; classtype:trojan-activity;sid:84332120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.36.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469017/; classtype:trojan-activity;sid:84332117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.48.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469018/; classtype:trojan-activity;sid:84332118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.50.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469019/; classtype:trojan-activity;sid:84332119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.21.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469015/; classtype:trojan-activity;sid:84332115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.159.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469016/; classtype:trojan-activity;sid:84332116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.237.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469013/; classtype:trojan-activity;sid:84332113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.67.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469014/; classtype:trojan-activity;sid:84332114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.10.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469012/; classtype:trojan-activity;sid:84332112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.213.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469011/; classtype:trojan-activity;sid:84332111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.96.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469010/; classtype:trojan-activity;sid:84332110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.160.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469008/; classtype:trojan-activity;sid:84332108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.145.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469009/; classtype:trojan-activity;sid:84332109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.248.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469007/; classtype:trojan-activity;sid:84332107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469006/; classtype:trojan-activity;sid:84332106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.145.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469005/; classtype:trojan-activity;sid:84332105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469004/; classtype:trojan-activity;sid:84332104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.159.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469003/; classtype:trojan-activity;sid:84332103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.237.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469002/; classtype:trojan-activity;sid:84332102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.49.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469001/; classtype:trojan-activity;sid:84332101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.160.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469000/; classtype:trojan-activity;sid:84332100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.10.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468999/; classtype:trojan-activity;sid:84332099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468998/; classtype:trojan-activity;sid:84332098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.167.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468997/; classtype:trojan-activity;sid:84332097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.218.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468996/; classtype:trojan-activity;sid:84332096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.221.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468995/; classtype:trojan-activity;sid:84332095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.114.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468994/; classtype:trojan-activity;sid:84332094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.78.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468993/; classtype:trojan-activity;sid:84332093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.167.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468992/; classtype:trojan-activity;sid:84332092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468991)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/x5xd2u9v5e9vxsa/lonely_piano.mp3/file"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468991/; classtype:trojan-activity;sid:84332091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468990)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468990/; classtype:trojan-activity;sid:84332090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468989)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468989/; classtype:trojan-activity;sid:84332089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468988)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468988/; classtype:trojan-activity;sid:84332088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.233.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468987/; classtype:trojan-activity;sid:84332087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.201.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468986/; classtype:trojan-activity;sid:84332086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.60.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468984/; classtype:trojan-activity;sid:84332084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.49.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468985/; classtype:trojan-activity;sid:84332085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.94.142.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468983/; classtype:trojan-activity;sid:84332083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468982)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.141.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468982/; classtype:trojan-activity;sid:84332082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.114.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468981/; classtype:trojan-activity;sid:84332081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.131.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468979/; classtype:trojan-activity;sid:84332079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.201.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468980/; classtype:trojan-activity;sid:84332080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.94.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468978/; classtype:trojan-activity;sid:84332078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.18.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468977/; classtype:trojan-activity;sid:84332077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.191.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468976/; classtype:trojan-activity;sid:84332076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.233.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468975/; classtype:trojan-activity;sid:84332075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.18.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468974/; classtype:trojan-activity;sid:84332074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.94.142.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468973/; classtype:trojan-activity;sid:84332073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.0.85.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468972/; classtype:trojan-activity;sid:84332072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.66.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468970/; classtype:trojan-activity;sid:84332070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.15.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468971/; classtype:trojan-activity;sid:84332071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.36.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468969/; classtype:trojan-activity;sid:84332069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.90.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468968/; classtype:trojan-activity;sid:84332068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.75.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468967/; classtype:trojan-activity;sid:84332067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.12.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468966/; classtype:trojan-activity;sid:84332066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.247.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468965/; classtype:trojan-activity;sid:84332065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.176.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468964/; classtype:trojan-activity;sid:84332064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.246.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468963/; classtype:trojan-activity;sid:84332063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.73.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468962/; classtype:trojan-activity;sid:84332062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.191.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468961/; classtype:trojan-activity;sid:84332061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.10.13"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468960/; classtype:trojan-activity;sid:84332060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468959)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.fasod.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468959/; classtype:trojan-activity;sid:84332059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.202.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468958/; classtype:trojan-activity;sid:84332058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.0.85.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468957/; classtype:trojan-activity;sid:84332057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.54.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468956/; classtype:trojan-activity;sid:84332056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.75.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468955/; classtype:trojan-activity;sid:84332055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.15.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468954/; classtype:trojan-activity;sid:84332054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468953/; classtype:trojan-activity;sid:84332053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.10.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468952/; classtype:trojan-activity;sid:84332052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.90.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468951/; classtype:trojan-activity;sid:84332051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.12.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468950/; classtype:trojan-activity;sid:84332050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.246.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468949/; classtype:trojan-activity;sid:84332049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.147.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468948/; classtype:trojan-activity;sid:84332048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.73.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468947/; classtype:trojan-activity;sid:84332047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468946)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.126.252.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468946/; classtype:trojan-activity;sid:84332046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.14.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468945/; classtype:trojan-activity;sid:84332045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.81.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468944/; classtype:trojan-activity;sid:84332044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.98.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468943/; classtype:trojan-activity;sid:84332043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.10.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468942/; classtype:trojan-activity;sid:84332042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.231.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468941/; classtype:trojan-activity;sid:84332041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.67.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468940/; classtype:trojan-activity;sid:84332040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.179.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468939/; classtype:trojan-activity;sid:84332039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.14.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468938/; classtype:trojan-activity;sid:84332038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468937/; classtype:trojan-activity;sid:84332037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.138.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468935/; classtype:trojan-activity;sid:84332035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.218.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468936/; classtype:trojan-activity;sid:84332036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.218.96.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468934/; classtype:trojan-activity;sid:84332034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.231.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468931/; classtype:trojan-activity;sid:84332031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.109.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468932/; classtype:trojan-activity;sid:84332032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.53.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468933/; classtype:trojan-activity;sid:84332033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.1.82"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468930/; classtype:trojan-activity;sid:84332030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468929/; classtype:trojan-activity;sid:84332029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.122.61.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468928/; classtype:trojan-activity;sid:84332028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.30.168.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468927/; classtype:trojan-activity;sid:84332027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.152.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468924/; classtype:trojan-activity;sid:84332024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.89.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468925/; classtype:trojan-activity;sid:84332025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.85.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468926/; classtype:trojan-activity;sid:84332026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.80.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468923/; classtype:trojan-activity;sid:84332023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.162.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468922/; classtype:trojan-activity;sid:84332022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.162.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468921/; classtype:trojan-activity;sid:84332021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.60.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468920/; classtype:trojan-activity;sid:84332020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.190.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468919/; classtype:trojan-activity;sid:84332019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.226.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3468918/; classtype:trojan-activity;sid:84332018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.11.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468917/; classtype:trojan-activity;sid:84332017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.55.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468916/; classtype:trojan-activity;sid:84332016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468915/; classtype:trojan-activity;sid:84332015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.10.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468914/; classtype:trojan-activity;sid:84332014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.30.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468913/; classtype:trojan-activity;sid:84332013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.208.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468912/; classtype:trojan-activity;sid:84332012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.211.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468910/; classtype:trojan-activity;sid:84332010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.215.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468911/; classtype:trojan-activity;sid:84332011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.179.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468909/; classtype:trojan-activity;sid:84332009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.41.82.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468908/; classtype:trojan-activity;sid:84332008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.46.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468907/; classtype:trojan-activity;sid:84332007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.63.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468906/; classtype:trojan-activity;sid:84332006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.63.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468905/; classtype:trojan-activity;sid:84332005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.213.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468904/; classtype:trojan-activity;sid:84332004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.10.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468903/; classtype:trojan-activity;sid:84332003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.145.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468902/; classtype:trojan-activity;sid:84332002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468901/; classtype:trojan-activity;sid:84332001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.11.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468900/; classtype:trojan-activity;sid:84332000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.30.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468899/; classtype:trojan-activity;sid:84331999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.66.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468898/; classtype:trojan-activity;sid:84331998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.46.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468897/; classtype:trojan-activity;sid:84331997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.49.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468896/; classtype:trojan-activity;sid:84331996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.48.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468895/; classtype:trojan-activity;sid:84331995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.67.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468894/; classtype:trojan-activity;sid:84331994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.82.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468893/; classtype:trojan-activity;sid:84331993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.55.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468892/; classtype:trojan-activity;sid:84331992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.93.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468891/; classtype:trojan-activity;sid:84331991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.123.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468890/; classtype:trojan-activity;sid:84331990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.87.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468889/; classtype:trojan-activity;sid:84331989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.48.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468888/; classtype:trojan-activity;sid:84331988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468887/; classtype:trojan-activity;sid:84331987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.49.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468886/; classtype:trojan-activity;sid:84331986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.177.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468885/; classtype:trojan-activity;sid:84331985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.240.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468884/; classtype:trojan-activity;sid:84331984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.175.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468883/; classtype:trojan-activity;sid:84331983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.150.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468882/; classtype:trojan-activity;sid:84331982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.34.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468881/; classtype:trojan-activity;sid:84331981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.122.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468880/; classtype:trojan-activity;sid:84331980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.61.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468879/; classtype:trojan-activity;sid:84331979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.124.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468878/; classtype:trojan-activity;sid:84331978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.99.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468877/; classtype:trojan-activity;sid:84331977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.162.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468876/; classtype:trojan-activity;sid:84331976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.175.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468875/; classtype:trojan-activity;sid:84331975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.240.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468874/; classtype:trojan-activity;sid:84331974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468873/; classtype:trojan-activity;sid:84331973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468872)"; flow:established,from_client; content:"GET"; http_method; content:"/xraqwapfu.pdf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"galerisenimutiara.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468872/; classtype:trojan-activity;sid:84331972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.124.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468871/; classtype:trojan-activity;sid:84331971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.94.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468870/; classtype:trojan-activity;sid:84331970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.148.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468869/; classtype:trojan-activity;sid:84331969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.114.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468868/; classtype:trojan-activity;sid:84331968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.156.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468867/; classtype:trojan-activity;sid:84331967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.61.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468866/; classtype:trojan-activity;sid:84331966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.24.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468865/; classtype:trojan-activity;sid:84331965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.87.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468863/; classtype:trojan-activity;sid:84331963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.56.102.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468864/; classtype:trojan-activity;sid:84331964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.156.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468862/; classtype:trojan-activity;sid:84331962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.162.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468861/; classtype:trojan-activity;sid:84331961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.78.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468860/; classtype:trojan-activity;sid:84331960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.66.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468859/; classtype:trojan-activity;sid:84331959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.94.142.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468858/; classtype:trojan-activity;sid:84331958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.94.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468857/; classtype:trojan-activity;sid:84331957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.245.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468856/; classtype:trojan-activity;sid:84331956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.247.8.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468855/; classtype:trojan-activity;sid:84331955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.148.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468854/; classtype:trojan-activity;sid:84331954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468853)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/onm094zfkd7ehcu/lonely_piano.mp3/file"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468853/; classtype:trojan-activity;sid:84331953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.209.47.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468852/; classtype:trojan-activity;sid:84331952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.56.102.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468851/; classtype:trojan-activity;sid:84331951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.11.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468850/; classtype:trojan-activity;sid:84331950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.22.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468849/; classtype:trojan-activity;sid:84331949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.11.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468848/; classtype:trojan-activity;sid:84331948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.78.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468847/; classtype:trojan-activity;sid:84331947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.121.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468846/; classtype:trojan-activity;sid:84331946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.94.142.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468845/; classtype:trojan-activity;sid:84331945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.61.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468844/; classtype:trojan-activity;sid:84331944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.41.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468843/; classtype:trojan-activity;sid:84331943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.23.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468842/; classtype:trojan-activity;sid:84331942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.159.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468841/; classtype:trojan-activity;sid:84331941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.130.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468840/; classtype:trojan-activity;sid:84331940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.44.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468839/; classtype:trojan-activity;sid:84331939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.8.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468838/; classtype:trojan-activity;sid:84331938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468837/; classtype:trojan-activity;sid:84331937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.228.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468836/; classtype:trojan-activity;sid:84331936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.95.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468835/; classtype:trojan-activity;sid:84331935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.233.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468834/; classtype:trojan-activity;sid:84331934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.161.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468833/; classtype:trojan-activity;sid:84331933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.44.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468832/; classtype:trojan-activity;sid:84331932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.255.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468831/; classtype:trojan-activity;sid:84331931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.74.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468830/; classtype:trojan-activity;sid:84331930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.13.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468829/; classtype:trojan-activity;sid:84331929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.159.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468828/; classtype:trojan-activity;sid:84331928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.65.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468827/; classtype:trojan-activity;sid:84331927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.230.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468826/; classtype:trojan-activity;sid:84331926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.49.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468825/; classtype:trojan-activity;sid:84331925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.130.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468824/; classtype:trojan-activity;sid:84331924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.74.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468823/; classtype:trojan-activity;sid:84331923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.95.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468822/; classtype:trojan-activity;sid:84331922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.13.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468821/; classtype:trojan-activity;sid:84331921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.161.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468820/; classtype:trojan-activity;sid:84331920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.223.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468819/; classtype:trojan-activity;sid:84331919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.61.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468818/; classtype:trojan-activity;sid:84331918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.204.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468817/; classtype:trojan-activity;sid:84331917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.65.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468816/; classtype:trojan-activity;sid:84331916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.46.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468815/; classtype:trojan-activity;sid:84331915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.230.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468814/; classtype:trojan-activity;sid:84331914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.190.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468813/; classtype:trojan-activity;sid:84331913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468812)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.228.213.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468812/; classtype:trojan-activity;sid:84331912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468811)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.debij.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468811/; classtype:trojan-activity;sid:84331911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.223.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468810/; classtype:trojan-activity;sid:84331910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.25.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468809/; classtype:trojan-activity;sid:84331909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.222.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468807/; classtype:trojan-activity;sid:84331907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"161.248.54.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468808/; classtype:trojan-activity;sid:84331908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.176.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468806/; classtype:trojan-activity;sid:84331906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.73.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468805/; classtype:trojan-activity;sid:84331905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.8.46.114"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468803/; classtype:trojan-activity;sid:84331903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.170.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468804/; classtype:trojan-activity;sid:84331904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.190.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468802/; classtype:trojan-activity;sid:84331902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.99.220"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468801/; classtype:trojan-activity;sid:84331901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.233.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468800/; classtype:trojan-activity;sid:84331900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.74.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468799/; classtype:trojan-activity;sid:84331899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.46.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468798/; classtype:trojan-activity;sid:84331898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.135.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468797/; classtype:trojan-activity;sid:84331897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.204.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468796/; classtype:trojan-activity;sid:84331896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.97.149.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468795/; classtype:trojan-activity;sid:84331895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.106.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468794/; classtype:trojan-activity;sid:84331894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.148.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468793/; classtype:trojan-activity;sid:84331893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.139.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468792/; classtype:trojan-activity;sid:84331892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.216.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468791/; classtype:trojan-activity;sid:84331891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.135.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468790/; classtype:trojan-activity;sid:84331890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.148.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468789/; classtype:trojan-activity;sid:84331889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468788)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/lwh3gvh5onkf1tr/lonely_piano.mp3/file"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468788/; classtype:trojan-activity;sid:84331888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.240.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468787/; classtype:trojan-activity;sid:84331887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.8.46.114"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468786/; classtype:trojan-activity;sid:84331886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.106.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468785/; classtype:trojan-activity;sid:84331885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.211.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468784/; classtype:trojan-activity;sid:84331884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.63.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468783/; classtype:trojan-activity;sid:84331883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.135.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468782/; classtype:trojan-activity;sid:84331882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.73.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468781/; classtype:trojan-activity;sid:84331881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.74.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468780/; classtype:trojan-activity;sid:84331880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.170.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468779/; classtype:trojan-activity;sid:84331879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.56.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468778/; classtype:trojan-activity;sid:84331878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.238.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468777/; classtype:trojan-activity;sid:84331877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.99.220"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468776/; classtype:trojan-activity;sid:84331876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.56.120.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468775/; classtype:trojan-activity;sid:84331875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.6.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468774/; classtype:trojan-activity;sid:84331874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.216.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468773/; classtype:trojan-activity;sid:84331873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.239.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468772/; classtype:trojan-activity;sid:84331872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.13.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468771/; classtype:trojan-activity;sid:84331871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.56.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468770/; classtype:trojan-activity;sid:84331870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.75.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468769/; classtype:trojan-activity;sid:84331869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.173.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468768/; classtype:trojan-activity;sid:84331868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.6.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468767/; classtype:trojan-activity;sid:84331867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.172.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468766/; classtype:trojan-activity;sid:84331866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.34.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468765/; classtype:trojan-activity;sid:84331865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.180.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468764/; classtype:trojan-activity;sid:84331864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.73.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468763/; classtype:trojan-activity;sid:84331863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.77.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468762/; classtype:trojan-activity;sid:84331862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.13.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468761/; classtype:trojan-activity;sid:84331861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.75.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468760/; classtype:trojan-activity;sid:84331860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.214.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468759/; classtype:trojan-activity;sid:84331859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.92.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468758/; classtype:trojan-activity;sid:84331858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.172.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468757/; classtype:trojan-activity;sid:84331857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.147.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468756/; classtype:trojan-activity;sid:84331856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.173.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468755/; classtype:trojan-activity;sid:84331855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.180.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468753/; classtype:trojan-activity;sid:84331853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.36.119.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468754/; classtype:trojan-activity;sid:84331854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.98.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468752/; classtype:trojan-activity;sid:84331852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.73.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468750/; classtype:trojan-activity;sid:84331850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.77.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468751/; classtype:trojan-activity;sid:84331851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.51.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468749/; classtype:trojan-activity;sid:84331849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.238.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468748/; classtype:trojan-activity;sid:84331848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.20.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468747/; classtype:trojan-activity;sid:84331847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468746)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ets-cold.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468746/; classtype:trojan-activity;sid:84331846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.18.28"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468745/; classtype:trojan-activity;sid:84331845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.127.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468744/; classtype:trojan-activity;sid:84331844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468742)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ets-cold.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468742/; classtype:trojan-activity;sid:84331842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468743)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"efacturaloperu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468743/; classtype:trojan-activity;sid:84331843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468741)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"konceptinterior007.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468741/; classtype:trojan-activity;sid:84331841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468739)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"norflux.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468739/; classtype:trojan-activity;sid:84331839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468740)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"onllne-cltadelle-lv.abyssalempress.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468740/; classtype:trojan-activity;sid:84331840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468738)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"seoxcommerce.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468738/; classtype:trojan-activity;sid:84331838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468734)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"seoxcommerce.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468734/; classtype:trojan-activity;sid:84331834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468735)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"associathost.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468735/; classtype:trojan-activity;sid:84331835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468736)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"seoxcommerce.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468736/; classtype:trojan-activity;sid:84331836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468737)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dy-topyp.seoxcommerce.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468737/; classtype:trojan-activity;sid:84331837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468732)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"associathost.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468732/; classtype:trojan-activity;sid:84331832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468733)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"konceptinterior007.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468733/; classtype:trojan-activity;sid:84331833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468731)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lmm.score.symposiumhaiti.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468731/; classtype:trojan-activity;sid:84331831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468729)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ets-cold.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468729/; classtype:trojan-activity;sid:84331829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468730)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"norflux.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468730/; classtype:trojan-activity;sid:84331830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468726)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"flnon-co.dailyinspirationuplift.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468726/; classtype:trojan-activity;sid:84331826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468727)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"produkinvestasi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468727/; classtype:trojan-activity;sid:84331827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468728)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"efacturaloperu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468728/; classtype:trojan-activity;sid:84331828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468724)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.ziwel.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468724/; classtype:trojan-activity;sid:84331824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468725)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dy-topyp.seoxcommerce.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468725/; classtype:trojan-activity;sid:84331825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.101.84.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468721/; classtype:trojan-activity;sid:84331821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468722)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"norflux.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468722/; classtype:trojan-activity;sid:84331822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468723)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ets-cold.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468723/; classtype:trojan-activity;sid:84331823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468718)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"efacturaloperu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468718/; classtype:trojan-activity;sid:84331818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468719)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ets-cold.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468719/; classtype:trojan-activity;sid:84331819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468720)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"japantripninja.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468720/; classtype:trojan-activity;sid:84331820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468715/; classtype:trojan-activity;sid:84331815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.188.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468716/; classtype:trojan-activity;sid:84331816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468717)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"flnon-co.dailyinspirationuplift.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468717/; classtype:trojan-activity;sid:84331817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468712)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"tjlatev.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468712/; classtype:trojan-activity;sid:84331812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.87.136.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468713/; classtype:trojan-activity;sid:84331813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.125.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468714/; classtype:trojan-activity;sid:84331814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468707)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"197.89.122.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468707/; classtype:trojan-activity;sid:84331807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468708)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.100.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468708/; classtype:trojan-activity;sid:84331808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.33.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468709/; classtype:trojan-activity;sid:84331809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.136.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468710/; classtype:trojan-activity;sid:84331810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.51.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468711/; classtype:trojan-activity;sid:84331811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.244.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468701/; classtype:trojan-activity;sid:84331801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468702)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"socialbitelabs.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468702/; classtype:trojan-activity;sid:84331802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468703)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"associathost.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468703/; classtype:trojan-activity;sid:84331803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468704)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"govcan-rebates.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468704/; classtype:trojan-activity;sid:84331804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.147.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468705/; classtype:trojan-activity;sid:84331805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468706/; classtype:trojan-activity;sid:84331806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.239.146.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468699/; classtype:trojan-activity;sid:84331799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.255.47.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468700/; classtype:trojan-activity;sid:84331800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468691)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"indialign.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468691/; classtype:trojan-activity;sid:84331791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468692)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"event-cpd.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468692/; classtype:trojan-activity;sid:84331792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468693)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"northernvirginiaeyeassociates.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468693/; classtype:trojan-activity;sid:84331793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.66.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468694/; classtype:trojan-activity;sid:84331794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468695)"; flow:established,from_client; content:"GET"; http_method; content:"/eftdeposit3325/eftdeposit3325/downloads/order3425.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468695/; classtype:trojan-activity;sid:84331795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468696)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ets-cold.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468696/; classtype:trojan-activity;sid:84331796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.111.130.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468697/; classtype:trojan-activity;sid:84331797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468698)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/lslyuk1vuncaoik/lonely_piano.mp3/file"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468698/; classtype:trojan-activity;sid:84331798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.242.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468689/; classtype:trojan-activity;sid:84331789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.43.88.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468690/; classtype:trojan-activity;sid:84331790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468684)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ets-cold.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468684/; classtype:trojan-activity;sid:84331784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468685)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dy-topyp.seoxcommerce.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468685/; classtype:trojan-activity;sid:84331785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468686)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dy-topyp.seoxcommerce.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468686/; classtype:trojan-activity;sid:84331786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468687)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"konceptinterior007.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468687/; classtype:trojan-activity;sid:84331787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.27.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468688/; classtype:trojan-activity;sid:84331788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468683)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"northernvirginiaeyeassociates.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468683/; classtype:trojan-activity;sid:84331783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.53.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468677/; classtype:trojan-activity;sid:84331777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468678)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"govcan-rebates.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468678/; classtype:trojan-activity;sid:84331778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468679)"; flow:established,from_client; content:"GET"; http_method; content:"/woodnot/bet/downloads/ffdmfak.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468679/; classtype:trojan-activity;sid:84331779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.233.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468680/; classtype:trojan-activity;sid:84331780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.234.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468681/; classtype:trojan-activity;sid:84331781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468682)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/apizer.ocx"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"70.34.220.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468682/; classtype:trojan-activity;sid:84331782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.4.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468674/; classtype:trojan-activity;sid:84331774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468675)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ets-cold.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468675/; classtype:trojan-activity;sid:84331775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468676)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"event-cpd.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468676/; classtype:trojan-activity;sid:84331776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.163.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468669/; classtype:trojan-activity;sid:84331769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468670)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"efacturaloperu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468670/; classtype:trojan-activity;sid:84331770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468671)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"65.1.83.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468671/; classtype:trojan-activity;sid:84331771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468672)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"govcan-rebates.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468672/; classtype:trojan-activity;sid:84331772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468673)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"seoxcommerce.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468673/; classtype:trojan-activity;sid:84331773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468666)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"flnon-co.dailyinspirationuplift.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468666/; classtype:trojan-activity;sid:84331766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468667)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/sapizer.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"70.34.220.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468667/; classtype:trojan-activity;sid:84331767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.87.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468668/; classtype:trojan-activity;sid:84331768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.130.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468663/; classtype:trojan-activity;sid:84331763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.143.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468664/; classtype:trojan-activity;sid:84331764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.80.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468665/; classtype:trojan-activity;sid:84331765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.98.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468661/; classtype:trojan-activity;sid:84331761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468662/; classtype:trojan-activity;sid:84331762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.97.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468659/; classtype:trojan-activity;sid:84331759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468660)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"flnon-co.soypanoli.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468660/; classtype:trojan-activity;sid:84331760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.158.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468653/; classtype:trojan-activity;sid:84331753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.56.225.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468654/; classtype:trojan-activity;sid:84331754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468655)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"konceptinterior007.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468655/; classtype:trojan-activity;sid:84331755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468656)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"flnon-co.dailyinspirationuplift.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468656/; classtype:trojan-activity;sid:84331756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.25.137.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468657/; classtype:trojan-activity;sid:84331757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468658)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"flnon-co.soypanoli.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468658/; classtype:trojan-activity;sid:84331758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.40.69.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468650/; classtype:trojan-activity;sid:84331750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468651)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"associathost.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468651/; classtype:trojan-activity;sid:84331751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.72.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468652/; classtype:trojan-activity;sid:84331752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.103.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468642/; classtype:trojan-activity;sid:84331742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468643)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"efacturaloperu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468643/; classtype:trojan-activity;sid:84331743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468644)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"flnon-co.soypanoli.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468644/; classtype:trojan-activity;sid:84331744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468645)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tigo-sa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468645/; classtype:trojan-activity;sid:84331745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.41.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468646/; classtype:trojan-activity;sid:84331746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468647)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"seoxcommerce.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468647/; classtype:trojan-activity;sid:84331747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468648)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tigo-sa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468648/; classtype:trojan-activity;sid:84331748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468649)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"efacturaloperu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468649/; classtype:trojan-activity;sid:84331749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468640)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"govcan-rebates.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468640/; classtype:trojan-activity;sid:84331740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468641)"; flow:established,from_client; content:"GET"; http_method; content:"/part/install.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"autoparts-online.uk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468641/; classtype:trojan-activity;sid:84331741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468638)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nuscalepowerunit.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468638/; classtype:trojan-activity;sid:84331738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468639)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"maggiest.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468639/; classtype:trojan-activity;sid:84331739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.125.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468635/; classtype:trojan-activity;sid:84331735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468636/; classtype:trojan-activity;sid:84331736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.102.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468637/; classtype:trojan-activity;sid:84331737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.235.202.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468631/; classtype:trojan-activity;sid:84331731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468632)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"flnon-co.dailyinspirationuplift.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468632/; classtype:trojan-activity;sid:84331732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468633)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"govcan-rebates.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468633/; classtype:trojan-activity;sid:84331733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468634)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"onllne-cltadelle-lv.abyssalempress.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468634/; classtype:trojan-activity;sid:84331734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468628)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"onllne-cltadelle-lv.abyssalempress.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468628/; classtype:trojan-activity;sid:84331728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.97.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468629/; classtype:trojan-activity;sid:84331729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468630)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"associathost.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468630/; classtype:trojan-activity;sid:84331730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.5.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468623/; classtype:trojan-activity;sid:84331723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468624)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"seoxcommerce.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468624/; classtype:trojan-activity;sid:84331724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468625)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"flnon-co.soypanoli.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468625/; classtype:trojan-activity;sid:84331725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468626)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.25.51.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468626/; classtype:trojan-activity;sid:84331726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468627)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"konceptinterior007.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468627/; classtype:trojan-activity;sid:84331727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.17.229.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468621/; classtype:trojan-activity;sid:84331721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468622)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"norflux.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468622/; classtype:trojan-activity;sid:84331722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.231.200.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468618/; classtype:trojan-activity;sid:84331718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.54.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468619/; classtype:trojan-activity;sid:84331719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468620)"; flow:established,from_client; content:"GET"; http_method; content:"/build.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"universami.ge"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468620/; classtype:trojan-activity;sid:84331720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468612)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"norflux.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468612/; classtype:trojan-activity;sid:84331712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468613)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ets-cold.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468613/; classtype:trojan-activity;sid:84331713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.35.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468614/; classtype:trojan-activity;sid:84331714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468615)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/document.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"autoparts-online.uk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468615/; classtype:trojan-activity;sid:84331715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468616)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"onllne-cltadelle-lv.abyssalempress.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468616/; classtype:trojan-activity;sid:84331716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.194.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468617/; classtype:trojan-activity;sid:84331717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468609)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dy-topyp.seoxcommerce.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468609/; classtype:trojan-activity;sid:84331709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.108.51.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468610/; classtype:trojan-activity;sid:84331710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468611/; classtype:trojan-activity;sid:84331711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468605)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"norflux.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468605/; classtype:trojan-activity;sid:84331705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468606)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"65.1.83.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468606/; classtype:trojan-activity;sid:84331706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468607)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"65.1.83.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468607/; classtype:trojan-activity;sid:84331707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.18.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468608/; classtype:trojan-activity;sid:84331708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468602)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"norflux.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468602/; classtype:trojan-activity;sid:84331702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.108.51.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468603/; classtype:trojan-activity;sid:84331703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468604)"; flow:established,from_client; content:"GET"; http_method; content:"/woodnot/bet/downloads/cnfmcha.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468604/; classtype:trojan-activity;sid:84331704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468596)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"seoxcommerce.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468596/; classtype:trojan-activity;sid:84331696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468597)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"govcan-rebates.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468597/; classtype:trojan-activity;sid:84331697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.103.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468598/; classtype:trojan-activity;sid:84331698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468599)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.19.124.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468599/; classtype:trojan-activity;sid:84331699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.200.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468600/; classtype:trojan-activity;sid:84331700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468601)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/document.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.181.3.35"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468601/; classtype:trojan-activity;sid:84331701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468594)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.217.122.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468594/; classtype:trojan-activity;sid:84331694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.109.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468595/; classtype:trojan-activity;sid:84331695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468583)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.189.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468583/; classtype:trojan-activity;sid:84331683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468584)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"konceptinterior007.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468584/; classtype:trojan-activity;sid:84331684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468585)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.150.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468585/; classtype:trojan-activity;sid:84331685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468586)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"flnon-co.dailyinspirationuplift.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468586/; classtype:trojan-activity;sid:84331686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468587)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"norflux.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468587/; classtype:trojan-activity;sid:84331687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468588)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"govcan-rebates.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468588/; classtype:trojan-activity;sid:84331688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468589)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.150.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468589/; classtype:trojan-activity;sid:84331689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468590)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"onllne-cltadelle-lv.abyssalempress.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468590/; classtype:trojan-activity;sid:84331690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.91.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468591/; classtype:trojan-activity;sid:84331691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468592)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"somahuertos.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468592/; classtype:trojan-activity;sid:84331692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468593)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"motorhomecinema.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468593/; classtype:trojan-activity;sid:84331693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468580)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"flnon-co.dailyinspirationuplift.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468580/; classtype:trojan-activity;sid:84331680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468581/; classtype:trojan-activity;sid:84331681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468582/; classtype:trojan-activity;sid:84331682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468576)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"konceptinterior007.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468576/; classtype:trojan-activity;sid:84331676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468577)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dy-topyp.seoxcommerce.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468577/; classtype:trojan-activity;sid:84331677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468578)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.datot.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468578/; classtype:trojan-activity;sid:84331678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.222.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468579/; classtype:trojan-activity;sid:84331679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468574)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"flnon-co.soypanoli.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468574/; classtype:trojan-activity;sid:84331674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.236.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468575/; classtype:trojan-activity;sid:84331675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.123.88.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468569/; classtype:trojan-activity;sid:84331669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468570)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"onllne-cltadelle-lv.abyssalempress.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468570/; classtype:trojan-activity;sid:84331670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.51.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468571/; classtype:trojan-activity;sid:84331671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.120.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468572/; classtype:trojan-activity;sid:84331672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468573)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"seoxcommerce.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468573/; classtype:trojan-activity;sid:84331673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.143.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468566/; classtype:trojan-activity;sid:84331666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.118.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468567/; classtype:trojan-activity;sid:84331667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.62.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468568/; classtype:trojan-activity;sid:84331668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468561)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"efacturaloperu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468561/; classtype:trojan-activity;sid:84331661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468562)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"norflux.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468562/; classtype:trojan-activity;sid:84331662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.118.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468563/; classtype:trojan-activity;sid:84331663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.198.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468564/; classtype:trojan-activity;sid:84331664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.158.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468565/; classtype:trojan-activity;sid:84331665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.147.125.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468557/; classtype:trojan-activity;sid:84331657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468558)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"seoxcommerce.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468558/; classtype:trojan-activity;sid:84331658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.62.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468559/; classtype:trojan-activity;sid:84331659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468560)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.kural.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468560/; classtype:trojan-activity;sid:84331660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468554)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dy-topyp.seoxcommerce.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468554/; classtype:trojan-activity;sid:84331654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468555)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"efacturaloperu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468555/; classtype:trojan-activity;sid:84331655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.97.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468556/; classtype:trojan-activity;sid:84331656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.35.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468553/; classtype:trojan-activity;sid:84331653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468551)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"associathost.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468551/; classtype:trojan-activity;sid:84331651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.61.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468552/; classtype:trojan-activity;sid:84331652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.225.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468550/; classtype:trojan-activity;sid:84331650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468547)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"konceptinterior007.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468547/; classtype:trojan-activity;sid:84331647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468548/; classtype:trojan-activity;sid:84331648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.41.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468549/; classtype:trojan-activity;sid:84331649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468543)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"65.1.83.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468543/; classtype:trojan-activity;sid:84331643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.131.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468544/; classtype:trojan-activity;sid:84331644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468545)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"65.1.83.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468545/; classtype:trojan-activity;sid:84331645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.72.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468546/; classtype:trojan-activity;sid:84331646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468539)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lucknowacrepairservices.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468539/; classtype:trojan-activity;sid:84331639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468540)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"flnon-co.soypanoli.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468540/; classtype:trojan-activity;sid:84331640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.183.193.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468541/; classtype:trojan-activity;sid:84331641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468542)"; flow:established,from_client; content:"GET"; http_method; content:"/eftdeposit3325/eftdeposit3325/downloads/order.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468542/; classtype:trojan-activity;sid:84331642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468537)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"flnon-co.dailyinspirationuplift.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468537/; classtype:trojan-activity;sid:84331637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.66.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468538/; classtype:trojan-activity;sid:84331638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.69.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468536/; classtype:trojan-activity;sid:84331636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468531)"; flow:established,from_client; content:"GET"; http_method; content:"/part/install.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.181.3.35"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468531/; classtype:trojan-activity;sid:84331631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468532)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"japantripninja.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468532/; classtype:trojan-activity;sid:84331632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468533)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"associathost.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468533/; classtype:trojan-activity;sid:84331633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468534)"; flow:established,from_client; content:"GET"; http_method; content:"/woodnot/bet/downloads/nkkoenm.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468534/; classtype:trojan-activity;sid:84331634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468535)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"govcan-rebates.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468535/; classtype:trojan-activity;sid:84331635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468527)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"associathost.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468527/; classtype:trojan-activity;sid:84331627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468528)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"produkinvestasi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468528/; classtype:trojan-activity;sid:84331628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468529)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"indialign.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468529/; classtype:trojan-activity;sid:84331629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.204.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468530/; classtype:trojan-activity;sid:84331630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.214.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468525/; classtype:trojan-activity;sid:84331625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.245.14.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468526/; classtype:trojan-activity;sid:84331626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.17.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468522/; classtype:trojan-activity;sid:84331622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.234.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468523/; classtype:trojan-activity;sid:84331623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.19.122.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468524/; classtype:trojan-activity;sid:84331624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468520)"; flow:established,from_client; content:"GET"; http_method; content:"/parts/document.pdf.url"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.181.3.35"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468520/; classtype:trojan-activity;sid:84331620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468521)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"onllne-cltadelle-lv.abyssalempress.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468521/; classtype:trojan-activity;sid:84331621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.101.84.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468518/; classtype:trojan-activity;sid:84331618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.252.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468519/; classtype:trojan-activity;sid:84331619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468514/; classtype:trojan-activity;sid:84331614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.89.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468515/; classtype:trojan-activity;sid:84331615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468516)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.22.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468516/; classtype:trojan-activity;sid:84331616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468517)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vedameherbals.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468517/; classtype:trojan-activity;sid:84331617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468510)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dy-topyp.seoxcommerce.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468510/; classtype:trojan-activity;sid:84331610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.66.163.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468511/; classtype:trojan-activity;sid:84331611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468512)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"altseamx.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468512/; classtype:trojan-activity;sid:84331612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.10.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468513/; classtype:trojan-activity;sid:84331613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.40.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468500/; classtype:trojan-activity;sid:84331600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468501)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"konceptinterior007.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468501/; classtype:trojan-activity;sid:84331601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468502)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"daralquwa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468502/; classtype:trojan-activity;sid:84331602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468503)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"soypanoli.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468503/; classtype:trojan-activity;sid:84331603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468504)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"onllne-cltadelle-lv.abyssalempress.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468504/; classtype:trojan-activity;sid:84331604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468505)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"konceptinterior007.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468505/; classtype:trojan-activity;sid:84331605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468506)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"onllne-cltadelle-lv.abyssalempress.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468506/; classtype:trojan-activity;sid:84331606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468507/; classtype:trojan-activity;sid:84331607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.118.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468508/; classtype:trojan-activity;sid:84331608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.180.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468509/; classtype:trojan-activity;sid:84331609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468498)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"govcan-rebates.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468498/; classtype:trojan-activity;sid:84331598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468499)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"tigo-sa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468499/; classtype:trojan-activity;sid:84331599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468497)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"152.172.132.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468497/; classtype:trojan-activity;sid:84331597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.109.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468495/; classtype:trojan-activity;sid:84331595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468496)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"flnon-co.dailyinspirationuplift.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468496/; classtype:trojan-activity;sid:84331596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.214.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468493/; classtype:trojan-activity;sid:84331593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468494)"; flow:established,from_client; content:"GET"; http_method; content:"/woodnot/bet/downloads/afgmsim.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468494/; classtype:trojan-activity;sid:84331594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468491)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468491/; classtype:trojan-activity;sid:84331591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468492)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"flnon-co.soypanoli.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468492/; classtype:trojan-activity;sid:84331592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.10.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468485/; classtype:trojan-activity;sid:84331585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468486)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"onllne-cltadelle-lv.abyssalempress.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468486/; classtype:trojan-activity;sid:84331586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.150.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468487/; classtype:trojan-activity;sid:84331587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468488)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bryceresortpatrol.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468488/; classtype:trojan-activity;sid:84331588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468489)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"seoxcommerce.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468489/; classtype:trojan-activity;sid:84331589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.72.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468490/; classtype:trojan-activity;sid:84331590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468482)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"associathost.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468482/; classtype:trojan-activity;sid:84331582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468483)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"flnon-co.dailyinspirationuplift.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468483/; classtype:trojan-activity;sid:84331583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468484)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"seoxcommerce.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468484/; classtype:trojan-activity;sid:84331584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.91.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468478/; classtype:trojan-activity;sid:84331578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.103.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468479/; classtype:trojan-activity;sid:84331579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.8.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468480/; classtype:trojan-activity;sid:84331580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.183.220.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468481/; classtype:trojan-activity;sid:84331581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.35.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468472/; classtype:trojan-activity;sid:84331572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468473)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vedameherbals.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468473/; classtype:trojan-activity;sid:84331573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468474)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"flnon-co.soypanoli.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468474/; classtype:trojan-activity;sid:84331574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468475)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"associathost.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468475/; classtype:trojan-activity;sid:84331575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468476)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dy-topyp.seoxcommerce.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468476/; classtype:trojan-activity;sid:84331576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468477)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"flnon-co.soypanoli.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468477/; classtype:trojan-activity;sid:84331577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468469)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"konceptinterior007.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468469/; classtype:trojan-activity;sid:84331569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.165.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468470/; classtype:trojan-activity;sid:84331570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.111.130.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468471/; classtype:trojan-activity;sid:84331571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468467)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"msemaji.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468467/; classtype:trojan-activity;sid:84331567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468468)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"govcan-rebates.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468468/; classtype:trojan-activity;sid:84331568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468461)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"norflux.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468461/; classtype:trojan-activity;sid:84331561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468462)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"norflux.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468462/; classtype:trojan-activity;sid:84331562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468463)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dy-topyp.seoxcommerce.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468463/; classtype:trojan-activity;sid:84331563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468464)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"govcan-rebates.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468464/; classtype:trojan-activity;sid:84331564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468465)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"flnon-co.soypanoli.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468465/; classtype:trojan-activity;sid:84331565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468466)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"associathost.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468466/; classtype:trojan-activity;sid:84331566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468460)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ets-cold.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468460/; classtype:trojan-activity;sid:84331560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.89.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468459/; classtype:trojan-activity;sid:84331559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.14.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468458/; classtype:trojan-activity;sid:84331558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.97.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468457/; classtype:trojan-activity;sid:84331557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468454)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.73.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468454/; classtype:trojan-activity;sid:84331554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468455)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"65.1.83.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468455/; classtype:trojan-activity;sid:84331555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.73.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468456/; classtype:trojan-activity;sid:84331556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.27.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468452/; classtype:trojan-activity;sid:84331552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468453/; classtype:trojan-activity;sid:84331553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.65.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468451/; classtype:trojan-activity;sid:84331551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468447)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/normalizer.ocx"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"70.34.220.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468447/; classtype:trojan-activity;sid:84331547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.8.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468448/; classtype:trojan-activity;sid:84331548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468449)"; flow:established,from_client; content:"GET"; http_method; content:"/eftdeposit3325/eftdeposit3325/downloads/deposit.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468449/; classtype:trojan-activity;sid:84331549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.119.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468450/; classtype:trojan-activity;sid:84331550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.54.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468445/; classtype:trojan-activity;sid:84331545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.210.199.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468446/; classtype:trojan-activity;sid:84331546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.4.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468441/; classtype:trojan-activity;sid:84331541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.66.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468442/; classtype:trojan-activity;sid:84331542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.248.166.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468443/; classtype:trojan-activity;sid:84331543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.128.157.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468444/; classtype:trojan-activity;sid:84331544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.86.105.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468435/; classtype:trojan-activity;sid:84331535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.14.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468436/; classtype:trojan-activity;sid:84331536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.70.147.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468437/; classtype:trojan-activity;sid:84331537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.194.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468438/; classtype:trojan-activity;sid:84331538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.73.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468439/; classtype:trojan-activity;sid:84331539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.77.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468440/; classtype:trojan-activity;sid:84331540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468429)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"65.1.83.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468429/; classtype:trojan-activity;sid:84331529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.147.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468430/; classtype:trojan-activity;sid:84331530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468431)"; flow:established,from_client; content:"GET"; http_method; content:"/parts/document.pdf.url"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"autoparts-online.uk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468431/; classtype:trojan-activity;sid:84331531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468432/; classtype:trojan-activity;sid:84331532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.120.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468433/; classtype:trojan-activity;sid:84331533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.93.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468434/; classtype:trojan-activity;sid:84331534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468428)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468428/; classtype:trojan-activity;sid:84331528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468427)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"unitedstatesskiandsnowboardassociation.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468427/; classtype:trojan-activity;sid:84331527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468426)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"unitedstatesskiandsnowboardassociation.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468426/; classtype:trojan-activity;sid:84331526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468425)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"unitedstatesskiandsnowboardassociation.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468425/; classtype:trojan-activity;sid:84331525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468423)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nuscalepowerunit.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468423/; classtype:trojan-activity;sid:84331523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468424)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kwuit-moci-goov-kw.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468424/; classtype:trojan-activity;sid:84331524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468422)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"japantripninja.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468422/; classtype:trojan-activity;sid:84331522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468405)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ivadragostinovacounselling.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468405/; classtype:trojan-activity;sid:84331505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468406)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"msemaji.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468406/; classtype:trojan-activity;sid:84331506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468407)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jackblock.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468407/; classtype:trojan-activity;sid:84331507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468408)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"yokobd.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468408/; classtype:trojan-activity;sid:84331508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468409)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nuscalepowerunit.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468409/; classtype:trojan-activity;sid:84331509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468410)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bankslendingservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468410/; classtype:trojan-activity;sid:84331510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468411)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tigo-sa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468411/; classtype:trojan-activity;sid:84331511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468412)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kwuit-moci-goov-kw.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468412/; classtype:trojan-activity;sid:84331512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468413)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lucknowacrepairservices.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468413/; classtype:trojan-activity;sid:84331513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468414)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bankslendingservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468414/; classtype:trojan-activity;sid:84331514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468415)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"vadkon.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468415/; classtype:trojan-activity;sid:84331515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468416)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"yokobd.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468416/; classtype:trojan-activity;sid:84331516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468417)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"produkinvestasi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468417/; classtype:trojan-activity;sid:84331517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468418)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"indialign.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468418/; classtype:trojan-activity;sid:84331518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468419)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"motorhomecinema.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468419/; classtype:trojan-activity;sid:84331519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468420)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"smokersbest.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468420/; classtype:trojan-activity;sid:84331520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468421)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"smokersbest.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468421/; classtype:trojan-activity;sid:84331521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468404)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deliceschezfabi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468404/; classtype:trojan-activity;sid:84331504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468401)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"carbonrebate-gov.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468401/; classtype:trojan-activity;sid:84331501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468402)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dailyinspirationuplift.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468402/; classtype:trojan-activity;sid:84331502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468403)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"socialbitelabs.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468403/; classtype:trojan-activity;sid:84331503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468392)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"yokobd.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468392/; classtype:trojan-activity;sid:84331492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468393)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"somahuertos.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468393/; classtype:trojan-activity;sid:84331493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468394)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"spootapump.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468394/; classtype:trojan-activity;sid:84331494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468395)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"socialbitelabs.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468395/; classtype:trojan-activity;sid:84331495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468396)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"unitedstatesskiandsnowboardassociation.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468396/; classtype:trojan-activity;sid:84331496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468397)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vedameherbals.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468397/; classtype:trojan-activity;sid:84331497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468398)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bryceresortpatrol.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468398/; classtype:trojan-activity;sid:84331498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468399)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"govcanbenefits.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468399/; classtype:trojan-activity;sid:84331499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468400)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bryceresortpatrol.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468400/; classtype:trojan-activity;sid:84331500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468377)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bblissmassage.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468377/; classtype:trojan-activity;sid:84331477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468378)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"source-chalaiden.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468378/; classtype:trojan-activity;sid:84331478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468379)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ivadragostinovacounselling.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468379/; classtype:trojan-activity;sid:84331479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468380)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jackblock.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468380/; classtype:trojan-activity;sid:84331480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468381)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gandatex.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468381/; classtype:trojan-activity;sid:84331481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468382)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"soypanoli.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468382/; classtype:trojan-activity;sid:84331482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468383)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"smokersbest.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468383/; classtype:trojan-activity;sid:84331483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468384)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"event-cpd.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468384/; classtype:trojan-activity;sid:84331484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468385)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"indialign.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468385/; classtype:trojan-activity;sid:84331485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468386)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bryceresortpatrol.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468386/; classtype:trojan-activity;sid:84331486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468387)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ivadragostinovacounselling.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468387/; classtype:trojan-activity;sid:84331487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468388)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"somahuertos.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468388/; classtype:trojan-activity;sid:84331488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468389)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"northernvirginiaeyeassociates.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468389/; classtype:trojan-activity;sid:84331489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468390)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"northernvirginiaeyeassociates.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468390/; classtype:trojan-activity;sid:84331490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468391)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tjlatev.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468391/; classtype:trojan-activity;sid:84331491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468373)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"carbonrebate-gov.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468373/; classtype:trojan-activity;sid:84331473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468374)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"abyssalempress.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468374/; classtype:trojan-activity;sid:84331474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468375)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kwuit-moci-goov-kw.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468375/; classtype:trojan-activity;sid:84331475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468376)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kwuit-moci-goov-kw.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468376/; classtype:trojan-activity;sid:84331476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468372)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"unitedstatesskiandsnowboardassociation.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468372/; classtype:trojan-activity;sid:84331472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468364)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alliedmso.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468364/; classtype:trojan-activity;sid:84331464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468365)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"msemaji.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468365/; classtype:trojan-activity;sid:84331465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468366)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"source-chalaiden.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468366/; classtype:trojan-activity;sid:84331466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468367)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dailyinspirationuplift.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468367/; classtype:trojan-activity;sid:84331467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468368)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bblissmassage.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468368/; classtype:trojan-activity;sid:84331468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468369)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"unitedstatesskiandsnowboardassociation.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468369/; classtype:trojan-activity;sid:84331469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468370)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gobiotechpestcontrol.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468370/; classtype:trojan-activity;sid:84331470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468371)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gobiotechpestcontrol.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468371/; classtype:trojan-activity;sid:84331471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468343)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vadkon.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468343/; classtype:trojan-activity;sid:84331443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468344)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bryceresortpatrol.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468344/; classtype:trojan-activity;sid:84331444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468345)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bankslendingservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468345/; classtype:trojan-activity;sid:84331445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468346)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kwuit-moci-goov-kw.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468346/; classtype:trojan-activity;sid:84331446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468347)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"spootapump.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468347/; classtype:trojan-activity;sid:84331447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468348)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"smokersbest.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468348/; classtype:trojan-activity;sid:84331448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468349)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gentlemal.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468349/; classtype:trojan-activity;sid:84331449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468350)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tjlatev.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468350/; classtype:trojan-activity;sid:84331450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468351)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"japantripninja.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468351/; classtype:trojan-activity;sid:84331451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468352)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"motorhomecinema.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468352/; classtype:trojan-activity;sid:84331452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468353)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"motorhomecinema.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468353/; classtype:trojan-activity;sid:84331453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468354)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"jackblock.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468354/; classtype:trojan-activity;sid:84331454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468355)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gentlemal.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468355/; classtype:trojan-activity;sid:84331455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468356)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deliceschezfabi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468356/; classtype:trojan-activity;sid:84331456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468357)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"msemaji.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468357/; classtype:trojan-activity;sid:84331457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468358)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kwuit-moci-goov-kw.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468358/; classtype:trojan-activity;sid:84331458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468359)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"somahuertos.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468359/; classtype:trojan-activity;sid:84331459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468360)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"produkinvestasi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468360/; classtype:trojan-activity;sid:84331460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468361)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lucknowacrepairservices.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468361/; classtype:trojan-activity;sid:84331461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468362)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"lucknowacrepairservices.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468362/; classtype:trojan-activity;sid:84331462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468363)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"avpatchpanel.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468363/; classtype:trojan-activity;sid:84331463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468342)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"nuscalepowerunit.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468342/; classtype:trojan-activity;sid:84331442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468336)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"abyssalempress.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468336/; classtype:trojan-activity;sid:84331436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468337)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"kwuit-moci-goov-kw.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468337/; classtype:trojan-activity;sid:84331437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468338)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dailyinspirationuplift.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468338/; classtype:trojan-activity;sid:84331438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468339)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jackblock.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468339/; classtype:trojan-activity;sid:84331439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468340)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"carbonrebate-gov.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468340/; classtype:trojan-activity;sid:84331440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468341)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"abyssalempress.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468341/; classtype:trojan-activity;sid:84331441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468335)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gov-alberta-ccr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468335/; classtype:trojan-activity;sid:84331435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468326)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tjlatev.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468326/; classtype:trojan-activity;sid:84331426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468327)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bryceresortpatrol.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468327/; classtype:trojan-activity;sid:84331427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468328)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"govcanbenefits.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468328/; classtype:trojan-activity;sid:84331428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468329)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"abyssalempress.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468329/; classtype:trojan-activity;sid:84331429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468330)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dailyinspirationuplift.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468330/; classtype:trojan-activity;sid:84331430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468331)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"doubouganta.fr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468331/; classtype:trojan-activity;sid:84331431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468332)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"carbonrebate-gov.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468332/; classtype:trojan-activity;sid:84331432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468333)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"carbonrebate-gov.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468333/; classtype:trojan-activity;sid:84331433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468334)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gov-alberta-ccr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468334/; classtype:trojan-activity;sid:84331434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468325)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"abyssalempress.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468325/; classtype:trojan-activity;sid:84331425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468319)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"somahuertos.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468319/; classtype:trojan-activity;sid:84331419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468320)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"produkinvestasi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468320/; classtype:trojan-activity;sid:84331420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468321)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"daralquwa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468321/; classtype:trojan-activity;sid:84331421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468322)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"altseamx.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468322/; classtype:trojan-activity;sid:84331422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468323)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vedameherbals.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468323/; classtype:trojan-activity;sid:84331423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468324)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"avpatchpanel.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468324/; classtype:trojan-activity;sid:84331424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468300)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gobiotechpestcontrol.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468300/; classtype:trojan-activity;sid:84331400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468301)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tigo-sa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468301/; classtype:trojan-activity;sid:84331401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468302)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"unitedstatesskiandsnowboardassociation.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468302/; classtype:trojan-activity;sid:84331402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468303)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"maggiest.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468303/; classtype:trojan-activity;sid:84331403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468304)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ivadragostinovacounselling.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468304/; classtype:trojan-activity;sid:84331404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468305)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"yokobd.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468305/; classtype:trojan-activity;sid:84331405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468306)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"soypanoli.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468306/; classtype:trojan-activity;sid:84331406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468307)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bankslendingservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468307/; classtype:trojan-activity;sid:84331407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468308)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gandatex.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468308/; classtype:trojan-activity;sid:84331408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468309)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"somahuertos.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468309/; classtype:trojan-activity;sid:84331409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468310)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"event-cpd.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468310/; classtype:trojan-activity;sid:84331410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468311)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"event-cpd.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468311/; classtype:trojan-activity;sid:84331411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468312)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"maggiest.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468312/; classtype:trojan-activity;sid:84331412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468313)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vadkon.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468313/; classtype:trojan-activity;sid:84331413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468314)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tigo-sa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468314/; classtype:trojan-activity;sid:84331414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468315)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"indialign.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468315/; classtype:trojan-activity;sid:84331415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468316)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"japantripninja.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468316/; classtype:trojan-activity;sid:84331416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468317)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"indialign.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468317/; classtype:trojan-activity;sid:84331417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468318)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"lucknowacrepairservices.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468318/; classtype:trojan-activity;sid:84331418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468297)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"unitedstatesskiandsnowboardassociation.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468297/; classtype:trojan-activity;sid:84331397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468298)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"maggiest.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468298/; classtype:trojan-activity;sid:84331398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468299)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"event-cpd.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468299/; classtype:trojan-activity;sid:84331399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468296)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"avpatchpanel.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468296/; classtype:trojan-activity;sid:84331396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468292)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"nuscalepowerunit.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468292/; classtype:trojan-activity;sid:84331392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468293)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gobiotechpestcontrol.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468293/; classtype:trojan-activity;sid:84331393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468294)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bryceresortpatrol.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468294/; classtype:trojan-activity;sid:84331394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468295)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"gandatex.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468295/; classtype:trojan-activity;sid:84331395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468285)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gentlemal.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468285/; classtype:trojan-activity;sid:84331385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468286)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"clearsoundclinic.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468286/; classtype:trojan-activity;sid:84331386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468287)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bankslendingservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468287/; classtype:trojan-activity;sid:84331387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468288)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"alliedmso.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468288/; classtype:trojan-activity;sid:84331388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468289)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"govcanbenefits.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468289/; classtype:trojan-activity;sid:84331389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468290)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bblissmassage.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468290/; classtype:trojan-activity;sid:84331390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468291)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dailyinspirationuplift.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468291/; classtype:trojan-activity;sid:84331391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468265)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"clearsoundclinic.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468265/; classtype:trojan-activity;sid:84331365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468266)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"unitedstatesskiandsnowboardassociation.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468266/; classtype:trojan-activity;sid:84331366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468267)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tjlatev.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468267/; classtype:trojan-activity;sid:84331367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468268)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"deliceschezfabi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468268/; classtype:trojan-activity;sid:84331368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468269)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"soypanoli.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468269/; classtype:trojan-activity;sid:84331369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468270)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gentlemal.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468270/; classtype:trojan-activity;sid:84331370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468271)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"daralquwa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468271/; classtype:trojan-activity;sid:84331371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468272)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"soypanoli.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468272/; classtype:trojan-activity;sid:84331372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468273)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jackblock.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468273/; classtype:trojan-activity;sid:84331373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468274)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"yokobd.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468274/; classtype:trojan-activity;sid:84331374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468275)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"daralquwa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468275/; classtype:trojan-activity;sid:84331375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468276)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bryceresortpatrol.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468276/; classtype:trojan-activity;sid:84331376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468277)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bankslendingservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468277/; classtype:trojan-activity;sid:84331377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468278)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"tigo-sa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468278/; classtype:trojan-activity;sid:84331378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468279)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"source-chalaiden.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468279/; classtype:trojan-activity;sid:84331379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468280)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"deliceschezfabi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468280/; classtype:trojan-activity;sid:84331380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468281)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"altseamx.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468281/; classtype:trojan-activity;sid:84331381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468282)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nuscalepowerunit.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468282/; classtype:trojan-activity;sid:84331382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468283)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"event-cpd.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468283/; classtype:trojan-activity;sid:84331383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468284)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"socialbitelabs.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468284/; classtype:trojan-activity;sid:84331384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468261)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"carbonrebate-gov.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468261/; classtype:trojan-activity;sid:84331361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468262)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"daralquwa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468262/; classtype:trojan-activity;sid:84331362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468263)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"socialbitelabs.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468263/; classtype:trojan-activity;sid:84331363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468264)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"northernvirginiaeyeassociates.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468264/; classtype:trojan-activity;sid:84331364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468259)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"doubouganta.fr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468259/; classtype:trojan-activity;sid:84331359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468260)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"indialign.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468260/; classtype:trojan-activity;sid:84331360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468244)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vadkon.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468244/; classtype:trojan-activity;sid:84331344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468245)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"soypanoli.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468245/; classtype:trojan-activity;sid:84331345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468246)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"nuscalepowerunit.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468246/; classtype:trojan-activity;sid:84331346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468247)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alliedmso.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468247/; classtype:trojan-activity;sid:84331347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468248)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bryceresortpatrol.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468248/; classtype:trojan-activity;sid:84331348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468249)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"clearsoundclinic.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468249/; classtype:trojan-activity;sid:84331349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468250)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lucknowacrepairservices.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468250/; classtype:trojan-activity;sid:84331350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468251)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gandatex.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468251/; classtype:trojan-activity;sid:84331351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468252)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vadkon.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468252/; classtype:trojan-activity;sid:84331352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468253)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"smokersbest.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468253/; classtype:trojan-activity;sid:84331353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468254)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"msemaji.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468254/; classtype:trojan-activity;sid:84331354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468255)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"abyssalempress.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468255/; classtype:trojan-activity;sid:84331355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468256)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ivadragostinovacounselling.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468256/; classtype:trojan-activity;sid:84331356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468257)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"govcanbenefits.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468257/; classtype:trojan-activity;sid:84331357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468258)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"abyssalempress.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468258/; classtype:trojan-activity;sid:84331358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468238)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"alliedmso.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468238/; classtype:trojan-activity;sid:84331338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468239)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kwuit-moci-goov-kw.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468239/; classtype:trojan-activity;sid:84331339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468240)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gentlemal.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468240/; classtype:trojan-activity;sid:84331340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468241)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"clearsoundclinic.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468241/; classtype:trojan-activity;sid:84331341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468242)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"lucknowacrepairservices.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468242/; classtype:trojan-activity;sid:84331342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468243)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lucknowacrepairservices.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468243/; classtype:trojan-activity;sid:84331343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468229)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gandatex.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468229/; classtype:trojan-activity;sid:84331329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468230)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dailyinspirationuplift.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468230/; classtype:trojan-activity;sid:84331330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468231)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bankslendingservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468231/; classtype:trojan-activity;sid:84331331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468232)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"govcanbenefits.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468232/; classtype:trojan-activity;sid:84331332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468233)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"govcanbenefits.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468233/; classtype:trojan-activity;sid:84331333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468234)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jackblock.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468234/; classtype:trojan-activity;sid:84331334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468235)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bryceresortpatrol.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468235/; classtype:trojan-activity;sid:84331335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468236)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"source-chalaiden.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468236/; classtype:trojan-activity;sid:84331336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468237)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"altseamx.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468237/; classtype:trojan-activity;sid:84331337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468225)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"altseamx.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468225/; classtype:trojan-activity;sid:84331325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468226)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gentlemal.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468226/; classtype:trojan-activity;sid:84331326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468227)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"motorhomecinema.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468227/; classtype:trojan-activity;sid:84331327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468228)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alliedmso.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468228/; classtype:trojan-activity;sid:84331328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468206)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"soypanoli.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468206/; classtype:trojan-activity;sid:84331306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468207)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"soypanoli.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468207/; classtype:trojan-activity;sid:84331307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468208)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"unitedstatesskiandsnowboardassociation.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468208/; classtype:trojan-activity;sid:84331308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468209)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"alliedmso.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468209/; classtype:trojan-activity;sid:84331309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468210)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"clearsoundclinic.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468210/; classtype:trojan-activity;sid:84331310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468211)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"tjlatev.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468211/; classtype:trojan-activity;sid:84331311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468212)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"soypanoli.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468212/; classtype:trojan-activity;sid:84331312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468213)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"maggiest.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468213/; classtype:trojan-activity;sid:84331313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468214)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ivadragostinovacounselling.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468214/; classtype:trojan-activity;sid:84331314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468215)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"indialign.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468215/; classtype:trojan-activity;sid:84331315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468216)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"japantripninja.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468216/; classtype:trojan-activity;sid:84331316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468217)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"clearsoundclinic.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468217/; classtype:trojan-activity;sid:84331317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468218)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"corresponsaldenoticias.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468218/; classtype:trojan-activity;sid:84331318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468219)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"produkinvestasi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468219/; classtype:trojan-activity;sid:84331319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468220)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deliceschezfabi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468220/; classtype:trojan-activity;sid:84331320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468221)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dailyinspirationuplift.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468221/; classtype:trojan-activity;sid:84331321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468222)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"somahuertos.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468222/; classtype:trojan-activity;sid:84331322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468223)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tjlatev.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468223/; classtype:trojan-activity;sid:84331323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468224)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"jackblock.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468224/; classtype:trojan-activity;sid:84331324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468202)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"clearsoundclinic.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468202/; classtype:trojan-activity;sid:84331302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468203)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"spootapump.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468203/; classtype:trojan-activity;sid:84331303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468204)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dailyinspirationuplift.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468204/; classtype:trojan-activity;sid:84331304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468205)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"avpatchpanel.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468205/; classtype:trojan-activity;sid:84331305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468197)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"govcanbenefits.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468197/; classtype:trojan-activity;sid:84331297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468198)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"source-chalaiden.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468198/; classtype:trojan-activity;sid:84331298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468199)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"corresponsaldenoticias.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468199/; classtype:trojan-activity;sid:84331299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468200)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"corresponsaldenoticias.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468200/; classtype:trojan-activity;sid:84331300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468201)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"abyssalempress.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468201/; classtype:trojan-activity;sid:84331301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468190)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"corresponsaldenoticias.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468190/; classtype:trojan-activity;sid:84331290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468191)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"yokobd.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468191/; classtype:trojan-activity;sid:84331291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468192)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"maggiest.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468192/; classtype:trojan-activity;sid:84331292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468193)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"daralquwa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468193/; classtype:trojan-activity;sid:84331293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468194)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bblissmassage.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468194/; classtype:trojan-activity;sid:84331294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468195)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gov-alberta-ccr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468195/; classtype:trojan-activity;sid:84331295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468196)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gobiotechpestcontrol.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468196/; classtype:trojan-activity;sid:84331296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468173)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"lucknowacrepairservices.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468173/; classtype:trojan-activity;sid:84331273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468174)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kwuit-moci-goov-kw.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468174/; classtype:trojan-activity;sid:84331274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468175)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"spootapump.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468175/; classtype:trojan-activity;sid:84331275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468176)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"corresponsaldenoticias.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468176/; classtype:trojan-activity;sid:84331276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468177)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alliedmso.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468177/; classtype:trojan-activity;sid:84331277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468178)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"motorhomecinema.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468178/; classtype:trojan-activity;sid:84331278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468179)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"somahuertos.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468179/; classtype:trojan-activity;sid:84331279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468180)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ivadragostinovacounselling.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468180/; classtype:trojan-activity;sid:84331280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468181)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"alliedmso.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468181/; classtype:trojan-activity;sid:84331281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468182)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jackblock.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468182/; classtype:trojan-activity;sid:84331282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468183)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"maggiest.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468183/; classtype:trojan-activity;sid:84331283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468184)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"produkinvestasi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468184/; classtype:trojan-activity;sid:84331284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468185)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bankslendingservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468185/; classtype:trojan-activity;sid:84331285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468186)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"indialign.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468186/; classtype:trojan-activity;sid:84331286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468187)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"socialbitelabs.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468187/; classtype:trojan-activity;sid:84331287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468188)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"socialbitelabs.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468188/; classtype:trojan-activity;sid:84331288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468189)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"altseamx.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468189/; classtype:trojan-activity;sid:84331289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468168)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"maggiest.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468168/; classtype:trojan-activity;sid:84331268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468169)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"spootapump.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468169/; classtype:trojan-activity;sid:84331269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468170)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"produkinvestasi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468170/; classtype:trojan-activity;sid:84331270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468171)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"motorhomecinema.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468171/; classtype:trojan-activity;sid:84331271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468172)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"spootapump.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468172/; classtype:trojan-activity;sid:84331272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468163)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"doubouganta.fr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468163/; classtype:trojan-activity;sid:84331263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468164)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bblissmassage.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468164/; classtype:trojan-activity;sid:84331264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468165)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"corresponsaldenoticias.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468165/; classtype:trojan-activity;sid:84331265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468166)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"japantripninja.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468166/; classtype:trojan-activity;sid:84331266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468167)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"jackblock.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468167/; classtype:trojan-activity;sid:84331267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468161)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bblissmassage.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468161/; classtype:trojan-activity;sid:84331261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468162)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"daralquwa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468162/; classtype:trojan-activity;sid:84331262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468148)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vadkon.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468148/; classtype:trojan-activity;sid:84331248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468149)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"tjlatev.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468149/; classtype:trojan-activity;sid:84331249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468150)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"daralquwa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468150/; classtype:trojan-activity;sid:84331250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468151)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gandatex.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468151/; classtype:trojan-activity;sid:84331251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468152)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"motorhomecinema.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468152/; classtype:trojan-activity;sid:84331252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468153)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bblissmassage.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468153/; classtype:trojan-activity;sid:84331253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468154)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bankslendingservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468154/; classtype:trojan-activity;sid:84331254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468155)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"daralquwa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468155/; classtype:trojan-activity;sid:84331255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468156)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"maggiest.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468156/; classtype:trojan-activity;sid:84331256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468157)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vedameherbals.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468157/; classtype:trojan-activity;sid:84331257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468158)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gov-alberta-ccr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468158/; classtype:trojan-activity;sid:84331258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468159)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"yokobd.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468159/; classtype:trojan-activity;sid:84331259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468160)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gov-alberta-ccr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468160/; classtype:trojan-activity;sid:84331260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468135)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gentlemal.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468135/; classtype:trojan-activity;sid:84331235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468136)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ivadragostinovacounselling.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468136/; classtype:trojan-activity;sid:84331236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468137)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vedameherbals.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468137/; classtype:trojan-activity;sid:84331237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468138)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gov-alberta-ccr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468138/; classtype:trojan-activity;sid:84331238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468139)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"deliceschezfabi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468139/; classtype:trojan-activity;sid:84331239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468140)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"yokobd.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468140/; classtype:trojan-activity;sid:84331240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468141)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"socialbitelabs.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468141/; classtype:trojan-activity;sid:84331241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468142)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"msemaji.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468142/; classtype:trojan-activity;sid:84331242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468143)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"alliedmso.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468143/; classtype:trojan-activity;sid:84331243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468144)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"indialign.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468144/; classtype:trojan-activity;sid:84331244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468145)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"northernvirginiaeyeassociates.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468145/; classtype:trojan-activity;sid:84331245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468146)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gentlemal.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468146/; classtype:trojan-activity;sid:84331246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468147)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"source-chalaiden.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468147/; classtype:trojan-activity;sid:84331247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468130)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"japantripninja.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468130/; classtype:trojan-activity;sid:84331230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468131)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gandatex.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468131/; classtype:trojan-activity;sid:84331231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468132)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"alliedmso.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468132/; classtype:trojan-activity;sid:84331232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468133)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"corresponsaldenoticias.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468133/; classtype:trojan-activity;sid:84331233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468134)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"abyssalempress.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468134/; classtype:trojan-activity;sid:84331234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468124)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ivadragostinovacounselling.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468124/; classtype:trojan-activity;sid:84331224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468125)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gov-alberta-ccr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468125/; classtype:trojan-activity;sid:84331225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468126)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gandatex.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468126/; classtype:trojan-activity;sid:84331226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468127)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"spootapump.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468127/; classtype:trojan-activity;sid:84331227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468128)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nuscalepowerunit.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468128/; classtype:trojan-activity;sid:84331228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468129)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"daralquwa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468129/; classtype:trojan-activity;sid:84331229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468118)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"deliceschezfabi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468118/; classtype:trojan-activity;sid:84331218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468119)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"efacturaloperu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468119/; classtype:trojan-activity;sid:84331219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468120)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dailyinspirationuplift.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468120/; classtype:trojan-activity;sid:84331220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468121)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"clearsoundclinic.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468121/; classtype:trojan-activity;sid:84331221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468122)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"avpatchpanel.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468122/; classtype:trojan-activity;sid:84331222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468123)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"doubouganta.fr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468123/; classtype:trojan-activity;sid:84331223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468111)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ivadragostinovacounselling.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468111/; classtype:trojan-activity;sid:84331211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468112)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gobiotechpestcontrol.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468112/; classtype:trojan-activity;sid:84331212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468113)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"avpatchpanel.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468113/; classtype:trojan-activity;sid:84331213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468114)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"northernvirginiaeyeassociates.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468114/; classtype:trojan-activity;sid:84331214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468115)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gov-alberta-ccr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468115/; classtype:trojan-activity;sid:84331215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468116)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"abyssalempress.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468116/; classtype:trojan-activity;sid:84331216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468117)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"source-chalaiden.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468117/; classtype:trojan-activity;sid:84331217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468090)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bryceresortpatrol.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468090/; classtype:trojan-activity;sid:84331190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468091)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gobiotechpestcontrol.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468091/; classtype:trojan-activity;sid:84331191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468092)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"yokobd.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468092/; classtype:trojan-activity;sid:84331192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468093)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vedameherbals.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468093/; classtype:trojan-activity;sid:84331193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468094)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deliceschezfabi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468094/; classtype:trojan-activity;sid:84331194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468095)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"smokersbest.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468095/; classtype:trojan-activity;sid:84331195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468096)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"socialbitelabs.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468096/; classtype:trojan-activity;sid:84331196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468097)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"somahuertos.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468097/; classtype:trojan-activity;sid:84331197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468098)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"smokersbest.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468098/; classtype:trojan-activity;sid:84331198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468099)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kwuit-moci-goov-kw.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468099/; classtype:trojan-activity;sid:84331199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468100)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jackblock.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468100/; classtype:trojan-activity;sid:84331200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468101)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"maggiest.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468101/; classtype:trojan-activity;sid:84331201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468102)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"yokobd.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468102/; classtype:trojan-activity;sid:84331202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468103)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"northernvirginiaeyeassociates.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468103/; classtype:trojan-activity;sid:84331203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468104)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"altseamx.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468104/; classtype:trojan-activity;sid:84331204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468105)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"altseamx.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468105/; classtype:trojan-activity;sid:84331205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468106)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gov-alberta-ccr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468106/; classtype:trojan-activity;sid:84331206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468107)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vadkon.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468107/; classtype:trojan-activity;sid:84331207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468108)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"govcanbenefits.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468108/; classtype:trojan-activity;sid:84331208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468109)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"motorhomecinema.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468109/; classtype:trojan-activity;sid:84331209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468110)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"gobiotechpestcontrol.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468110/; classtype:trojan-activity;sid:84331210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468082)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"avpatchpanel.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468082/; classtype:trojan-activity;sid:84331182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468083)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"abyssalempress.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468083/; classtype:trojan-activity;sid:84331183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468084)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"smokersbest.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468084/; classtype:trojan-activity;sid:84331184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468085)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tigo-sa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468085/; classtype:trojan-activity;sid:84331185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468086)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"carbonrebate-gov.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468086/; classtype:trojan-activity;sid:84331186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468087)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"altseamx.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468087/; classtype:trojan-activity;sid:84331187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468088)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tjlatev.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468088/; classtype:trojan-activity;sid:84331188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468089)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nuscalepowerunit.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468089/; classtype:trojan-activity;sid:84331189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468080)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bankslendingservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468080/; classtype:trojan-activity;sid:84331180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468081)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"source-chalaiden.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468081/; classtype:trojan-activity;sid:84331181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468076)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nuscalepowerunit.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468076/; classtype:trojan-activity;sid:84331176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468077)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"unitedstatesskiandsnowboardassociation.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468077/; classtype:trojan-activity;sid:84331177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468078)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"spootapump.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468078/; classtype:trojan-activity;sid:84331178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468079)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gandatex.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468079/; classtype:trojan-activity;sid:84331179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468069)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bblissmassage.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468069/; classtype:trojan-activity;sid:84331169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468070)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gov-alberta-ccr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468070/; classtype:trojan-activity;sid:84331170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468071)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dailyinspirationuplift.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468071/; classtype:trojan-activity;sid:84331171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468072)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"doubouganta.fr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468072/; classtype:trojan-activity;sid:84331172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468073)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"govcanbenefits.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468073/; classtype:trojan-activity;sid:84331173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468074)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"avpatchpanel.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468074/; classtype:trojan-activity;sid:84331174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468075)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gobiotechpestcontrol.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468075/; classtype:trojan-activity;sid:84331175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468058)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"japantripninja.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468058/; classtype:trojan-activity;sid:84331158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468059)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"somahuertos.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468059/; classtype:trojan-activity;sid:84331159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468060)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gandatex.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468060/; classtype:trojan-activity;sid:84331160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468061)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"motorhomecinema.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468061/; classtype:trojan-activity;sid:84331161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468062)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"yokobd.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468062/; classtype:trojan-activity;sid:84331162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468063)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"kwuit-moci-goov-kw.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468063/; classtype:trojan-activity;sid:84331163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468064)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"spootapump.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468064/; classtype:trojan-activity;sid:84331164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468065)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vadkon.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468065/; classtype:trojan-activity;sid:84331165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468066)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"altseamx.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468066/; classtype:trojan-activity;sid:84331166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468067)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"govcanbenefits.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468067/; classtype:trojan-activity;sid:84331167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468068)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bblissmassage.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468068/; classtype:trojan-activity;sid:84331168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468048)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vadkon.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468048/; classtype:trojan-activity;sid:84331148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468049)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"smokersbest.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468049/; classtype:trojan-activity;sid:84331149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468050)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"alliedmso.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468050/; classtype:trojan-activity;sid:84331150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468051)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"japantripninja.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468051/; classtype:trojan-activity;sid:84331151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468052)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"event-cpd.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468052/; classtype:trojan-activity;sid:84331152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468053)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"indialign.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468053/; classtype:trojan-activity;sid:84331153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468054)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tjlatev.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468054/; classtype:trojan-activity;sid:84331154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468055)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"socialbitelabs.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468055/; classtype:trojan-activity;sid:84331155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468056)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"msemaji.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468056/; classtype:trojan-activity;sid:84331156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468057)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"clearsoundclinic.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468057/; classtype:trojan-activity;sid:84331157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468044)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"vedameherbals.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468044/; classtype:trojan-activity;sid:84331144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468045)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"gov-alberta-ccr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468045/; classtype:trojan-activity;sid:84331145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468046)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"soypanoli.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468046/; classtype:trojan-activity;sid:84331146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468047)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"japantripninja.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468047/; classtype:trojan-activity;sid:84331147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468033)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bblissmassage.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468033/; classtype:trojan-activity;sid:84331133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468034)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"doubouganta.fr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468034/; classtype:trojan-activity;sid:84331134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468035)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"tigo-sa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468035/; classtype:trojan-activity;sid:84331135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468036)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"msemaji.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468036/; classtype:trojan-activity;sid:84331136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468037)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"smokersbest.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468037/; classtype:trojan-activity;sid:84331137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468038)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"maggiest.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468038/; classtype:trojan-activity;sid:84331138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468039)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vadkon.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468039/; classtype:trojan-activity;sid:84331139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468040)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"event-cpd.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468040/; classtype:trojan-activity;sid:84331140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468041)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"clearsoundclinic.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468041/; classtype:trojan-activity;sid:84331141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468042)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tjlatev.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468042/; classtype:trojan-activity;sid:84331142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468043)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"carbonrebate-gov.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468043/; classtype:trojan-activity;sid:84331143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468029)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"doubouganta.fr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468029/; classtype:trojan-activity;sid:84331129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468030)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gobiotechpestcontrol.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468030/; classtype:trojan-activity;sid:84331130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468031)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"corresponsaldenoticias.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468031/; classtype:trojan-activity;sid:84331131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468032)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"avpatchpanel.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468032/; classtype:trojan-activity;sid:84331132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468022)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"gentlemal.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468022/; classtype:trojan-activity;sid:84331122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468023)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vedameherbals.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468023/; classtype:trojan-activity;sid:84331123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468024)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"source-chalaiden.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468024/; classtype:trojan-activity;sid:84331124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468025)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"produkinvestasi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468025/; classtype:trojan-activity;sid:84331125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468026)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"source-chalaiden.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468026/; classtype:trojan-activity;sid:84331126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468027)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"efacturaloperu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468027/; classtype:trojan-activity;sid:84331127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468028)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"corresponsaldenoticias.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468028/; classtype:trojan-activity;sid:84331128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468009)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"carbonrebate-gov.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468009/; classtype:trojan-activity;sid:84331109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468010)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"smokersbest.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468010/; classtype:trojan-activity;sid:84331110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468011)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"northernvirginiaeyeassociates.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468011/; classtype:trojan-activity;sid:84331111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468012)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"spootapump.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468012/; classtype:trojan-activity;sid:84331112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468013)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"deliceschezfabi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468013/; classtype:trojan-activity;sid:84331113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468014)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gentlemal.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468014/; classtype:trojan-activity;sid:84331114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468015)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"produkinvestasi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468015/; classtype:trojan-activity;sid:84331115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468016)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ivadragostinovacounselling.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468016/; classtype:trojan-activity;sid:84331116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468017)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"msemaji.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468017/; classtype:trojan-activity;sid:84331117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468018)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"somahuertos.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468018/; classtype:trojan-activity;sid:84331118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468019)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"event-cpd.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468019/; classtype:trojan-activity;sid:84331119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468020)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jackblock.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468020/; classtype:trojan-activity;sid:84331120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468021)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"spootapump.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468021/; classtype:trojan-activity;sid:84331121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468007)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"msemaji.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468007/; classtype:trojan-activity;sid:84331107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468008)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"socialbitelabs.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468008/; classtype:trojan-activity;sid:84331108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468006)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tigo-sa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468006/; classtype:trojan-activity;sid:84331106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467988)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vadkon.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467988/; classtype:trojan-activity;sid:84331088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467989)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"motorhomecinema.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467989/; classtype:trojan-activity;sid:84331089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467990)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"northernvirginiaeyeassociates.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467990/; classtype:trojan-activity;sid:84331090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467991)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"nuscalepowerunit.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467991/; classtype:trojan-activity;sid:84331091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467992)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"deliceschezfabi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467992/; classtype:trojan-activity;sid:84331092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467993)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gentlemal.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467993/; classtype:trojan-activity;sid:84331093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467994)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"msemaji.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467994/; classtype:trojan-activity;sid:84331094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467995)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"govcanbenefits.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467995/; classtype:trojan-activity;sid:84331095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467996)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"carbonrebate-gov.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467996/; classtype:trojan-activity;sid:84331096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467997)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"carbonrebate-gov.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467997/; classtype:trojan-activity;sid:84331097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467998)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vedameherbals.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467998/; classtype:trojan-activity;sid:84331098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467999)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vedameherbals.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467999/; classtype:trojan-activity;sid:84331099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468000)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"altseamx.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468000/; classtype:trojan-activity;sid:84331100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468001)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gandatex.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468001/; classtype:trojan-activity;sid:84331101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468002)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lucknowacrepairservices.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468002/; classtype:trojan-activity;sid:84331102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468003)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lucknowacrepairservices.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468003/; classtype:trojan-activity;sid:84331103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468004)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"soypanoli.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468004/; classtype:trojan-activity;sid:84331104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468005)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gobiotechpestcontrol.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468005/; classtype:trojan-activity;sid:84331105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467985)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"clearsoundclinic.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467985/; classtype:trojan-activity;sid:84331085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467986)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bankslendingservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467986/; classtype:trojan-activity;sid:84331086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467987)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tigo-sa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467987/; classtype:trojan-activity;sid:84331087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467983)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"daralquwa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467983/; classtype:trojan-activity;sid:84331083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467984)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"northernvirginiaeyeassociates.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467984/; classtype:trojan-activity;sid:84331084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467979)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"doubouganta.fr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467979/; classtype:trojan-activity;sid:84331079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467980)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dailyinspirationuplift.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467980/; classtype:trojan-activity;sid:84331080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467981)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bblissmassage.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467981/; classtype:trojan-activity;sid:84331081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467982)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"deliceschezfabi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467982/; classtype:trojan-activity;sid:84331082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467969)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"doubouganta.fr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467969/; classtype:trojan-activity;sid:84331069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467970)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.nn"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"doubouganta.fr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467970/; classtype:trojan-activity;sid:84331070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467971)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"source-chalaiden.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467971/; classtype:trojan-activity;sid:84331071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467972)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"avpatchpanel.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467972/; classtype:trojan-activity;sid:84331072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467973)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc.nn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"corresponsaldenoticias.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467973/; classtype:trojan-activity;sid:84331073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467974)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"efacturaloperu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467974/; classtype:trojan-activity;sid:84331074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467975)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"avpatchpanel.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467975/; classtype:trojan-activity;sid:84331075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467976)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.nn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"doubouganta.fr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467976/; classtype:trojan-activity;sid:84331076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467977)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"produkinvestasi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467977/; classtype:trojan-activity;sid:84331077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467978)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"event-cpd.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467978/; classtype:trojan-activity;sid:84331078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467968)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"corresponsaldenoticias.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467968/; classtype:trojan-activity;sid:84331068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.40.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467966/; classtype:trojan-activity;sid:84331066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.95.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467967/; classtype:trojan-activity;sid:84331067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.51.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467965/; classtype:trojan-activity;sid:84331065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467963)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nuscalepowerunit.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467963/; classtype:trojan-activity;sid:84331063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467964)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"kwuit-moci-goov-kw.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467964/; classtype:trojan-activity;sid:84331064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467961)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"seoxcommerce.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467961/; classtype:trojan-activity;sid:84331061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467962)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"msemaji.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467962/; classtype:trojan-activity;sid:84331062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467959)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vadkon.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467959/; classtype:trojan-activity;sid:84331059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467960)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"spootapump.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467960/; classtype:trojan-activity;sid:84331060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467953)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"govcanbenefits.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467953/; classtype:trojan-activity;sid:84331053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467954)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"gov-alberta-ccr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467954/; classtype:trojan-activity;sid:84331054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467955)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"carbonrebate-gov.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467955/; classtype:trojan-activity;sid:84331055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467956)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"govcan-rebates.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467956/; classtype:trojan-activity;sid:84331056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467957)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"smokersbest.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467957/; classtype:trojan-activity;sid:84331057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467958)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"deliceschezfabi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467958/; classtype:trojan-activity;sid:84331058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467925)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"clearsoundclinic.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467925/; classtype:trojan-activity;sid:84331025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467926)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"alliedmso.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467926/; classtype:trojan-activity;sid:84331026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467927)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"source-chalaiden.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467927/; classtype:trojan-activity;sid:84331027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467928)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"produkinvestasi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467928/; classtype:trojan-activity;sid:84331028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467929)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"norflux.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467929/; classtype:trojan-activity;sid:84331029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467930)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"northernvirginiaeyeassociates.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467930/; classtype:trojan-activity;sid:84331030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467931)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"konceptinterior007.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467931/; classtype:trojan-activity;sid:84331031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467932)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"motorhomecinema.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467932/; classtype:trojan-activity;sid:84331032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467933)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"somahuertos.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467933/; classtype:trojan-activity;sid:84331033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467934)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jackblock.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467934/; classtype:trojan-activity;sid:84331034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467935)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"japantripninja.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467935/; classtype:trojan-activity;sid:84331035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467936)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vedameherbals.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467936/; classtype:trojan-activity;sid:84331036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467937)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tjlatev.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467937/; classtype:trojan-activity;sid:84331037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467938)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"avpatchpanel.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467938/; classtype:trojan-activity;sid:84331038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467939)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bankslendingservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467939/; classtype:trojan-activity;sid:84331039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467940)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"abyssalempress.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467940/; classtype:trojan-activity;sid:84331040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467941)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"event-cpd.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467941/; classtype:trojan-activity;sid:84331041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467942)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"gandatex.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467942/; classtype:trojan-activity;sid:84331042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467943)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"altseamx.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467943/; classtype:trojan-activity;sid:84331043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467944)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bryceresortpatrol.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467944/; classtype:trojan-activity;sid:84331044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467945)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"soypanoli.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467945/; classtype:trojan-activity;sid:84331045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467946)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"socialbitelabs.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467946/; classtype:trojan-activity;sid:84331046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467947)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"associathost.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467947/; classtype:trojan-activity;sid:84331047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467948)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"yokobd.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467948/; classtype:trojan-activity;sid:84331048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467949)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"gentlemal.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467949/; classtype:trojan-activity;sid:84331049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467950)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"indialign.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467950/; classtype:trojan-activity;sid:84331050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467951)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"gobiotechpestcontrol.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467951/; classtype:trojan-activity;sid:84331051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467952)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"corresponsaldenoticias.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467952/; classtype:trojan-activity;sid:84331052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467921)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"unitedstatesskiandsnowboardassociation.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467921/; classtype:trojan-activity;sid:84331021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467922)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ivadragostinovacounselling.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467922/; classtype:trojan-activity;sid:84331022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467923)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"daralquwa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467923/; classtype:trojan-activity;sid:84331023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467924)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"maggiest.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467924/; classtype:trojan-activity;sid:84331024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467919)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lucknowacrepairservices.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467919/; classtype:trojan-activity;sid:84331019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467920)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tigo-sa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467920/; classtype:trojan-activity;sid:84331020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467918)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dailyinspirationuplift.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467918/; classtype:trojan-activity;sid:84331018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467915)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"doubouganta.fr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467915/; classtype:trojan-activity;sid:84331015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467916)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"efacturaloperu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467916/; classtype:trojan-activity;sid:84331016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467917)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bblissmassage.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467917/; classtype:trojan-activity;sid:84331017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.95.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467914/; classtype:trojan-activity;sid:84331014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.5.115"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467913/; classtype:trojan-activity;sid:84331013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.148.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467912/; classtype:trojan-activity;sid:84331012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.43.170.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467911/; classtype:trojan-activity;sid:84331011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.163.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467909/; classtype:trojan-activity;sid:84331009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.123.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467910/; classtype:trojan-activity;sid:84331010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.203.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467907/; classtype:trojan-activity;sid:84331007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.66.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467908/; classtype:trojan-activity;sid:84331008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.180.140.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467906/; classtype:trojan-activity;sid:84331006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.161.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467905/; classtype:trojan-activity;sid:84331005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467900)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.150.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467900/; classtype:trojan-activity;sid:84331000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467901)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.209.150.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467901/; classtype:trojan-activity;sid:84331001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467902)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.209.150.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467902/; classtype:trojan-activity;sid:84331002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467903)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.150.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467903/; classtype:trojan-activity;sid:84331003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.209.150.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467904/; classtype:trojan-activity;sid:84331004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467896)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.150.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467896/; classtype:trojan-activity;sid:84330996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467897)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.150.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467897/; classtype:trojan-activity;sid:84330997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467898)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.150.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467898/; classtype:trojan-activity;sid:84330998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467899)"; flow:established,from_client; content:"GET"; http_method; content:"/ftpget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.150.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467899/; classtype:trojan-activity;sid:84330999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.190.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467895/; classtype:trojan-activity;sid:84330995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.200.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467894/; classtype:trojan-activity;sid:84330994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.230.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467892/; classtype:trojan-activity;sid:84330992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.104.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467893/; classtype:trojan-activity;sid:84330993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467891)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/2t1ndsz8thnsggr/linkin_park.mp3/file"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467891/; classtype:trojan-activity;sid:84330991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.148.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467890/; classtype:trojan-activity;sid:84330990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467889)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.jakoc.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467889/; classtype:trojan-activity;sid:84330989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.223.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467888/; classtype:trojan-activity;sid:84330988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.163.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467887/; classtype:trojan-activity;sid:84330987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467885)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467885/; classtype:trojan-activity;sid:84330985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467886)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.213.174.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467886/; classtype:trojan-activity;sid:84330986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.161.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467884/; classtype:trojan-activity;sid:84330984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467883)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467883/; classtype:trojan-activity;sid:84330983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467876)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.213.174.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467876/; classtype:trojan-activity;sid:84330976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467877)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467877/; classtype:trojan-activity;sid:84330977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467878)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467878/; classtype:trojan-activity;sid:84330978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467879)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.213.174.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467879/; classtype:trojan-activity;sid:84330979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467880)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.213.174.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467880/; classtype:trojan-activity;sid:84330980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467881)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467881/; classtype:trojan-activity;sid:84330981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.241.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467882/; classtype:trojan-activity;sid:84330982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467875)"; flow:established,from_client; content:"GET"; http_method; content:"/5r3fqt67ew531has4231.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.213.174.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467875/; classtype:trojan-activity;sid:84330975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467874)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"147.45.193.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467874/; classtype:trojan-activity;sid:84330974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467868)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.45.193.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467868/; classtype:trojan-activity;sid:84330968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467869)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.45.193.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467869/; classtype:trojan-activity;sid:84330969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467870)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.45.193.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467870/; classtype:trojan-activity;sid:84330970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467871)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"147.45.193.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467871/; classtype:trojan-activity;sid:84330971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467872)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.45.193.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467872/; classtype:trojan-activity;sid:84330972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467873)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.45.193.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467873/; classtype:trojan-activity;sid:84330973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467864)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"147.45.193.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467864/; classtype:trojan-activity;sid:84330964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467865)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"147.45.193.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467865/; classtype:trojan-activity;sid:84330965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467866)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"147.45.193.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467866/; classtype:trojan-activity;sid:84330966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467867)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.45.193.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467867/; classtype:trojan-activity;sid:84330967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467863)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"147.45.193.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467863/; classtype:trojan-activity;sid:84330963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.72.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467862/; classtype:trojan-activity;sid:84330962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.223.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467861/; classtype:trojan-activity;sid:84330961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.132.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467860/; classtype:trojan-activity;sid:84330960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467858)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467858/; classtype:trojan-activity;sid:84330958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.11.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467859/; classtype:trojan-activity;sid:84330959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467852)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/spc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467852/; classtype:trojan-activity;sid:84330952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467853)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/aarch64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467853/; classtype:trojan-activity;sid:84330953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467854)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/arm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467854/; classtype:trojan-activity;sid:84330954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467855)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467855/; classtype:trojan-activity;sid:84330955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467856)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/arc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467856/; classtype:trojan-activity;sid:84330956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467857)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467857/; classtype:trojan-activity;sid:84330957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.104.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467851/; classtype:trojan-activity;sid:84330951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467849)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/i686"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467849/; classtype:trojan-activity;sid:84330949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467850)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/arm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467850/; classtype:trojan-activity;sid:84330950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467847)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467847/; classtype:trojan-activity;sid:84330947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467848)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/arm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467848/; classtype:trojan-activity;sid:84330948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.227.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467846/; classtype:trojan-activity;sid:84330946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.129.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467845/; classtype:trojan-activity;sid:84330945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.151.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467844/; classtype:trojan-activity;sid:84330944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.180.140.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467843/; classtype:trojan-activity;sid:84330943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.11.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467842/; classtype:trojan-activity;sid:84330942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.132.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467841/; classtype:trojan-activity;sid:84330941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.87.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467840/; classtype:trojan-activity;sid:84330940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.185.19.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467839/; classtype:trojan-activity;sid:84330939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.249.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467838/; classtype:trojan-activity;sid:84330938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.77.207.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467837/; classtype:trojan-activity;sid:84330937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.226.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467836/; classtype:trojan-activity;sid:84330936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.185.19.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467835/; classtype:trojan-activity;sid:84330935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467834)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.kibof.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467834/; classtype:trojan-activity;sid:84330934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.203.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467833/; classtype:trojan-activity;sid:84330933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.181.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467832/; classtype:trojan-activity;sid:84330932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.244.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467829/; classtype:trojan-activity;sid:84330929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.127.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467830/; classtype:trojan-activity;sid:84330930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.255.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467831/; classtype:trojan-activity;sid:84330931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.38.123.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467828/; classtype:trojan-activity;sid:84330928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467827)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467827/; classtype:trojan-activity;sid:84330927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.230.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467826/; classtype:trojan-activity;sid:84330926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.77.207.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467825/; classtype:trojan-activity;sid:84330925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.85.99.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467824/; classtype:trojan-activity;sid:84330924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.249.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467823/; classtype:trojan-activity;sid:84330923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.181.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467822/; classtype:trojan-activity;sid:84330922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.84.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467821/; classtype:trojan-activity;sid:84330921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.135.249.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467820/; classtype:trojan-activity;sid:84330920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.203.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467819/; classtype:trojan-activity;sid:84330919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.105.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467818/; classtype:trojan-activity;sid:84330918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.77.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467817/; classtype:trojan-activity;sid:84330917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.37.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467816/; classtype:trojan-activity;sid:84330916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467813/; classtype:trojan-activity;sid:84330913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467814/; classtype:trojan-activity;sid:84330914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467815/; classtype:trojan-activity;sid:84330915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.100.32.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467812/; classtype:trojan-activity;sid:84330912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.8.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467810/; classtype:trojan-activity;sid:84330910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.60.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467811/; classtype:trojan-activity;sid:84330911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.27.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467809/; classtype:trojan-activity;sid:84330909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.101.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467808/; classtype:trojan-activity;sid:84330908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.84.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467807/; classtype:trojan-activity;sid:84330907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.241.18.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467806/; classtype:trojan-activity;sid:84330906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467804)"; flow:established,from_client; content:"GET"; http_method; content:"/files/toxinboxin/reloadrive.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"45.59.120.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467804/; classtype:trojan-activity;sid:84330904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467805)"; flow:established,from_client; content:"GET"; http_method; content:"/files/feedfiles/feedlablest.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"45.59.120.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467805/; classtype:trojan-activity;sid:84330905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467803)"; flow:established,from_client; content:"GET"; http_method; content:"/files/tuplodrive/coredrive.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"45.59.120.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467803/; classtype:trojan-activity;sid:84330903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467802)"; flow:established,from_client; content:"GET"; http_method; content:"/files/martin1/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467802/; classtype:trojan-activity;sid:84330902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467801)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5153162918/ps7wqsx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467801/; classtype:trojan-activity;sid:84330901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467798)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7260333037/v4vhskg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467798/; classtype:trojan-activity;sid:84330898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467799)"; flow:established,from_client; content:"GET"; http_method; content:"/files/galaticalchemist888_0/calcvaults.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467799/; classtype:trojan-activity;sid:84330899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467800)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5657354070/y87oyyz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467800/; classtype:trojan-activity;sid:84330900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467796)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5265591378/jqgbbm7.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467796/; classtype:trojan-activity;sid:84330896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467797)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7617915914/hf9tyzf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467797/; classtype:trojan-activity;sid:84330897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467795)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8055480273/rxle9yc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467795/; classtype:trojan-activity;sid:84330895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467792)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6708407063/ghpwbrq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467792/; classtype:trojan-activity;sid:84330892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467793)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5165347769/oehbohk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467793/; classtype:trojan-activity;sid:84330893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467794)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1953776641/zxjk5mk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467794/; classtype:trojan-activity;sid:84330894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467790)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique1/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467790/; classtype:trojan-activity;sid:84330890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467791)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1953776641/wbalapt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467791/; classtype:trojan-activity;sid:84330891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467789)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6291786446/fcsm05d.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467789/; classtype:trojan-activity;sid:84330889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.115.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467788/; classtype:trojan-activity;sid:84330888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.135.249.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467787/; classtype:trojan-activity;sid:84330887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.216.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467786/; classtype:trojan-activity;sid:84330886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467785)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/wqalbzw48swoec4/linkin_park.mp3/file"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467785/; classtype:trojan-activity;sid:84330885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.179.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467784/; classtype:trojan-activity;sid:84330884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.234.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467783/; classtype:trojan-activity;sid:84330883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.37.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467781/; classtype:trojan-activity;sid:84330881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.8.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467782/; classtype:trojan-activity;sid:84330882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.77.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467780/; classtype:trojan-activity;sid:84330880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467779)"; flow:established,from_client; content:"GET"; http_method; content:"/oarm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467779/; classtype:trojan-activity;sid:84330879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.76.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467778/; classtype:trojan-activity;sid:84330878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.115.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467777/; classtype:trojan-activity;sid:84330877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.61.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467776/; classtype:trojan-activity;sid:84330876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.60.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467775/; classtype:trojan-activity;sid:84330875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.183.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467774/; classtype:trojan-activity;sid:84330874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.82.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467773/; classtype:trojan-activity;sid:84330873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.179.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467772/; classtype:trojan-activity;sid:84330872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467771)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.pafoc.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467771/; classtype:trojan-activity;sid:84330871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.2.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467770/; classtype:trojan-activity;sid:84330870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.117.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467769/; classtype:trojan-activity;sid:84330869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.28.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467768/; classtype:trojan-activity;sid:84330868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.158.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467767/; classtype:trojan-activity;sid:84330867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.96.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467765/; classtype:trojan-activity;sid:84330865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.245.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467766/; classtype:trojan-activity;sid:84330866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.135.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467763/; classtype:trojan-activity;sid:84330863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.32.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467764/; classtype:trojan-activity;sid:84330864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.76.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467762/; classtype:trojan-activity;sid:84330862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.86.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467761/; classtype:trojan-activity;sid:84330861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.251.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467760/; classtype:trojan-activity;sid:84330860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.29.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467759/; classtype:trojan-activity;sid:84330859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.3.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467758/; classtype:trojan-activity;sid:84330858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467757)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.miwun.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467757/; classtype:trojan-activity;sid:84330857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.117.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467756/; classtype:trojan-activity;sid:84330856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.158.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467755/; classtype:trojan-activity;sid:84330855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.163.57.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467754/; classtype:trojan-activity;sid:84330854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.81.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467753/; classtype:trojan-activity;sid:84330853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.123.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467752/; classtype:trojan-activity;sid:84330852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.42.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467751/; classtype:trojan-activity;sid:84330851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.131.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467750/; classtype:trojan-activity;sid:84330850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.115.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467749/; classtype:trojan-activity;sid:84330849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.147.40.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467748/; classtype:trojan-activity;sid:84330848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.90.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467747/; classtype:trojan-activity;sid:84330847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467746/; classtype:trojan-activity;sid:84330846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.251.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467745/; classtype:trojan-activity;sid:84330845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.86.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467744/; classtype:trojan-activity;sid:84330844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.29.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467743/; classtype:trojan-activity;sid:84330843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467742/; classtype:trojan-activity;sid:84330842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.3.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467741/; classtype:trojan-activity;sid:84330841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.241.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467740/; classtype:trojan-activity;sid:84330840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.124.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467739/; classtype:trojan-activity;sid:84330839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.120.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467738/; classtype:trojan-activity;sid:84330838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.115.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467737/; classtype:trojan-activity;sid:84330837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.163.57.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467736/; classtype:trojan-activity;sid:84330836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.81.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467735/; classtype:trojan-activity;sid:84330835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.177.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467734/; classtype:trojan-activity;sid:84330834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.5.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467733/; classtype:trojan-activity;sid:84330833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.59.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467732/; classtype:trojan-activity;sid:84330832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.90.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467731/; classtype:trojan-activity;sid:84330831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.116.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467730/; classtype:trojan-activity;sid:84330830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.180.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467729/; classtype:trojan-activity;sid:84330829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.212.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467728/; classtype:trojan-activity;sid:84330828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.207.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467727/; classtype:trojan-activity;sid:84330827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.231.106.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467726/; classtype:trojan-activity;sid:84330826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467725/; classtype:trojan-activity;sid:84330825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.124.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467724/; classtype:trojan-activity;sid:84330824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.241.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467723/; classtype:trojan-activity;sid:84330823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.115.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467722/; classtype:trojan-activity;sid:84330822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467721)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.dycib.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467721/; classtype:trojan-activity;sid:84330821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467720/; classtype:trojan-activity;sid:84330820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.120.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467719/; classtype:trojan-activity;sid:84330819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.128.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467717/; classtype:trojan-activity;sid:84330817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.54.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467718/; classtype:trojan-activity;sid:84330818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.59.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467716/; classtype:trojan-activity;sid:84330816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.41.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467715/; classtype:trojan-activity;sid:84330815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.234.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467714/; classtype:trojan-activity;sid:84330814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.81.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467713/; classtype:trojan-activity;sid:84330813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.116.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467712/; classtype:trojan-activity;sid:84330812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.78.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467711/; classtype:trojan-activity;sid:84330811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.96.228.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467710/; classtype:trojan-activity;sid:84330810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.168.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467709/; classtype:trojan-activity;sid:84330809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.168.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467708/; classtype:trojan-activity;sid:84330808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.239.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467707/; classtype:trojan-activity;sid:84330807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.234.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467706/; classtype:trojan-activity;sid:84330806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.128.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467705/; classtype:trojan-activity;sid:84330805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.81.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467704/; classtype:trojan-activity;sid:84330804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.1.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467703/; classtype:trojan-activity;sid:84330803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.96.228.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467702/; classtype:trojan-activity;sid:84330802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.169.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467701/; classtype:trojan-activity;sid:84330801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.165.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467700/; classtype:trojan-activity;sid:84330800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467699/; classtype:trojan-activity;sid:84330799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467698/; classtype:trojan-activity;sid:84330798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.95.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467697/; classtype:trojan-activity;sid:84330797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.78.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467696/; classtype:trojan-activity;sid:84330796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467693)"; flow:established,from_client; content:"GET"; http_method; content:"/e2b1563c6670f193.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467693/; classtype:trojan-activity;sid:84330793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467694)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.215.113.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467694/; classtype:trojan-activity;sid:84330794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467695)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.215.113.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467695/; classtype:trojan-activity;sid:84330795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.1.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467692/; classtype:trojan-activity;sid:84330792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467691/; classtype:trojan-activity;sid:84330791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.239.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467690/; classtype:trojan-activity;sid:84330790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.117.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467689/; classtype:trojan-activity;sid:84330789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.133.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467688/; classtype:trojan-activity;sid:84330788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.27.37.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467687/; classtype:trojan-activity;sid:84330787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.162.211.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467684/; classtype:trojan-activity;sid:84330784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.162.211.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467685/; classtype:trojan-activity;sid:84330785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.142.104.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467686/; classtype:trojan-activity;sid:84330786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.103.250.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467683/; classtype:trojan-activity;sid:84330783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.39.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467682/; classtype:trojan-activity;sid:84330782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467681)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.najem.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467681/; classtype:trojan-activity;sid:84330781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.101.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467680/; classtype:trojan-activity;sid:84330780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467679/; classtype:trojan-activity;sid:84330779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.113.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467678/; classtype:trojan-activity;sid:84330778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.185.119.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467676/; classtype:trojan-activity;sid:84330776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.185.119.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467677/; classtype:trojan-activity;sid:84330777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467674/; classtype:trojan-activity;sid:84330774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.3.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467675/; classtype:trojan-activity;sid:84330775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.93.47.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467673/; classtype:trojan-activity;sid:84330773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.238.189.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467672/; classtype:trojan-activity;sid:84330772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.133.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467671/; classtype:trojan-activity;sid:84330771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467670)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"angela.spklove.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467670/; classtype:trojan-activity;sid:84330770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467667)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"angela.spklove.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467667/; classtype:trojan-activity;sid:84330767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467668)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"angela.spklove.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467668/; classtype:trojan-activity;sid:84330768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.134.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467669/; classtype:trojan-activity;sid:84330769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467660)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"angela.spklove.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467660/; classtype:trojan-activity;sid:84330760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467661)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"angela.spklove.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467661/; classtype:trojan-activity;sid:84330761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467662)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"angela.spklove.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467662/; classtype:trojan-activity;sid:84330762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467663)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"angela.spklove.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467663/; classtype:trojan-activity;sid:84330763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467664)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"angela.spklove.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467664/; classtype:trojan-activity;sid:84330764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467665)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"angela.spklove.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467665/; classtype:trojan-activity;sid:84330765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467666)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"angela.spklove.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467666/; classtype:trojan-activity;sid:84330766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467659)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"angela.spklove.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467659/; classtype:trojan-activity;sid:84330759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.126.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467658/; classtype:trojan-activity;sid:84330758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.53.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467657/; classtype:trojan-activity;sid:84330757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.10.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467656/; classtype:trojan-activity;sid:84330756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.225.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467655/; classtype:trojan-activity;sid:84330755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.126.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467654/; classtype:trojan-activity;sid:84330754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.98.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467653/; classtype:trojan-activity;sid:84330753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.150.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467652/; classtype:trojan-activity;sid:84330752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467651/; classtype:trojan-activity;sid:84330751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.85.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467650/; classtype:trojan-activity;sid:84330750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.1.1"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467649/; classtype:trojan-activity;sid:84330749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467647)"; flow:established,from_client; content:"GET"; http_method; content:"/favicon.ico"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467647/; classtype:trojan-activity;sid:84330747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467648)"; flow:established,from_client; content:"GET"; http_method; content:"/di0her478/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467648/; classtype:trojan-activity;sid:84330748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467646)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/dyv72m3vb6v5vanz1rr4w/briosweet.txt|3f|rlkey=ss4d25mnbchxan2wr7b4rwkw6|7c|26|7c|st=qsxpu45r|7c|26|7c|dl=1"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467646/; classtype:trojan-activity;sid:84330746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.187.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467645/; classtype:trojan-activity;sid:84330745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.132.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467644/; classtype:trojan-activity;sid:84330744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467643)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.pufoq.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467643/; classtype:trojan-activity;sid:84330743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.126.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467642/; classtype:trojan-activity;sid:84330742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.178.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467641/; classtype:trojan-activity;sid:84330741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.204.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467640/; classtype:trojan-activity;sid:84330740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.8.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467639/; classtype:trojan-activity;sid:84330739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467638)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/eoa4d2ndnm82s11/linkin_park.mp3/file"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467638/; classtype:trojan-activity;sid:84330738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.40.81.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467637/; classtype:trojan-activity;sid:84330737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.85.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467636/; classtype:trojan-activity;sid:84330736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467635)"; flow:established,from_client; content:"GET"; http_method; content:"/x/evil.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bruta.pl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467635/; classtype:trojan-activity;sid:84330735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467634)"; flow:established,from_client; content:"GET"; http_method; content:"/x/file.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bruta.pl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467634/; classtype:trojan-activity;sid:84330734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467633)"; flow:established,from_client; content:"GET"; http_method; content:"/x/jebeykyffyuweia235.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bruta.pl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467633/; classtype:trojan-activity;sid:84330733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.1.1"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467632/; classtype:trojan-activity;sid:84330732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467631/; classtype:trojan-activity;sid:84330731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467628)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1eczx8yjtfxwos26grqtdixajed3ukcao"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467628/; classtype:trojan-activity;sid:84330728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467629)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1drptefwc7xybtum52bikrhp4j4l6lttc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467629/; classtype:trojan-activity;sid:84330729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467630)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=17zhy5tdguaad_5hnlfabkslaufhaefqs"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467630/; classtype:trojan-activity;sid:84330730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467627)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ei8bptlfd8ggdpl2did7ywgm9kx5jo2j"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467627/; classtype:trojan-activity;sid:84330727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467625)"; flow:established,from_client; content:"GET"; http_method; content:"/jew.i586"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.148.10.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467625/; classtype:trojan-activity;sid:84330725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467626)"; flow:established,from_client; content:"GET"; http_method; content:"/01032025/w2"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467626/; classtype:trojan-activity;sid:84330726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467619)"; flow:established,from_client; content:"GET"; http_method; content:"/01032025/s"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467619/; classtype:trojan-activity;sid:84330719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467620)"; flow:established,from_client; content:"GET"; http_method; content:"/01032025/r"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467620/; classtype:trojan-activity;sid:84330720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467621)"; flow:established,from_client; content:"GET"; http_method; content:"/01032025/w1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467621/; classtype:trojan-activity;sid:84330721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467622)"; flow:established,from_client; content:"GET"; http_method; content:"/01032025/file"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467622/; classtype:trojan-activity;sid:84330722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467623)"; flow:established,from_client; content:"GET"; http_method; content:"/01032025/v"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467623/; classtype:trojan-activity;sid:84330723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.187.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467624/; classtype:trojan-activity;sid:84330724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467615)"; flow:established,from_client; content:"GET"; http_method; content:"/01032025/fxciljjiuucyzsnktfc8.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467615/; classtype:trojan-activity;sid:84330715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467616)"; flow:established,from_client; content:"GET"; http_method; content:"/01032025/w5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467616/; classtype:trojan-activity;sid:84330716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467617)"; flow:established,from_client; content:"GET"; http_method; content:"/01032025/extention"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467617/; classtype:trojan-activity;sid:84330717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467618)"; flow:established,from_client; content:"GET"; http_method; content:"/01032025/cn"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467618/; classtype:trojan-activity;sid:84330718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467614)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yd1vmx83gv4namq-6cdj1fqkcmxdt5xu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467614/; classtype:trojan-activity;sid:84330714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467613)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yx43jcuz6pvzdkv5pts7a9lqqdwre_cw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467613/; classtype:trojan-activity;sid:84330713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467610)"; flow:established,from_client; content:"GET"; http_method; content:"/jew.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.148.10.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467610/; classtype:trojan-activity;sid:84330710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467611)"; flow:established,from_client; content:"GET"; http_method; content:"/jew.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.148.10.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467611/; classtype:trojan-activity;sid:84330711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467612)"; flow:established,from_client; content:"GET"; http_method; content:"/jew.arm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.148.10.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467612/; classtype:trojan-activity;sid:84330712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467604)"; flow:established,from_client; content:"GET"; http_method; content:"/jew.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.148.10.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467604/; classtype:trojan-activity;sid:84330704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467605)"; flow:established,from_client; content:"GET"; http_method; content:"/jew.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.148.10.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467605/; classtype:trojan-activity;sid:84330705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467606)"; flow:established,from_client; content:"GET"; http_method; content:"/jew.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.148.10.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467606/; classtype:trojan-activity;sid:84330706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467607)"; flow:established,from_client; content:"GET"; http_method; content:"/jew.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.148.10.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467607/; classtype:trojan-activity;sid:84330707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467608)"; flow:established,from_client; content:"GET"; http_method; content:"/jew.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.148.10.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467608/; classtype:trojan-activity;sid:84330708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467609)"; flow:established,from_client; content:"GET"; http_method; content:"/jew.x32"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.148.10.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467609/; classtype:trojan-activity;sid:84330709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467603)"; flow:established,from_client; content:"GET"; http_method; content:"/jew.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.148.10.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467603/; classtype:trojan-activity;sid:84330703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467602)"; flow:established,from_client; content:"GET"; http_method; content:"/yboats.m68"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"83.147.13.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467602/; classtype:trojan-activity;sid:84330702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.132.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467601/; classtype:trojan-activity;sid:84330701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467590)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.143.1.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467590/; classtype:trojan-activity;sid:84330690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467591)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.143.1.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467591/; classtype:trojan-activity;sid:84330691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467592)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.143.1.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467592/; classtype:trojan-activity;sid:84330692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467593)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.143.1.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467593/; classtype:trojan-activity;sid:84330693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467594)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.143.1.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467594/; classtype:trojan-activity;sid:84330694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467595)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.143.1.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467595/; classtype:trojan-activity;sid:84330695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467596)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.143.1.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467596/; classtype:trojan-activity;sid:84330696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467597)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.143.1.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467597/; classtype:trojan-activity;sid:84330697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467598)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.143.1.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467598/; classtype:trojan-activity;sid:84330698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467599)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.143.1.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467599/; classtype:trojan-activity;sid:84330699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467600)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.143.1.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467600/; classtype:trojan-activity;sid:84330700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.166.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467589/; classtype:trojan-activity;sid:84330689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.40.81.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467588/; classtype:trojan-activity;sid:84330688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.144.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467587/; classtype:trojan-activity;sid:84330687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.220.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467586/; classtype:trojan-activity;sid:84330686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467585/; classtype:trojan-activity;sid:84330685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.190.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467582/; classtype:trojan-activity;sid:84330682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.239.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467583/; classtype:trojan-activity;sid:84330683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.185.119.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467584/; classtype:trojan-activity;sid:84330684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.177.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467581/; classtype:trojan-activity;sid:84330681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.230.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467580/; classtype:trojan-activity;sid:84330680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.81.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467577/; classtype:trojan-activity;sid:84330677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.241.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467578/; classtype:trojan-activity;sid:84330678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.93.59.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467579/; classtype:trojan-activity;sid:84330679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.210.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467576/; classtype:trojan-activity;sid:84330676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.167.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467573/; classtype:trojan-activity;sid:84330673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.178.108.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467574/; classtype:trojan-activity;sid:84330674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.11.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467575/; classtype:trojan-activity;sid:84330675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.211.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467571/; classtype:trojan-activity;sid:84330671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"www.chronotriggerturkiye.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467572/; classtype:trojan-activity;sid:84330672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.218.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467570/; classtype:trojan-activity;sid:84330670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467569/; classtype:trojan-activity;sid:84330669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467568)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.cumys.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467568/; classtype:trojan-activity;sid:84330668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.249.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467567/; classtype:trojan-activity;sid:84330667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.177.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467566/; classtype:trojan-activity;sid:84330666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.139.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467565/; classtype:trojan-activity;sid:84330665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467564)"; flow:established,from_client; content:"GET"; http_method; content:"/433/config.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"172.245.123.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467564/; classtype:trojan-activity;sid:84330664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.94.104.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467563/; classtype:trojan-activity;sid:84330663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.144.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467562/; classtype:trojan-activity;sid:84330662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.175.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467561/; classtype:trojan-activity;sid:84330661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467560/; classtype:trojan-activity;sid:84330660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.207.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467559/; classtype:trojan-activity;sid:84330659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.220.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467558/; classtype:trojan-activity;sid:84330658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.12.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467557/; classtype:trojan-activity;sid:84330657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.177.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467556/; classtype:trojan-activity;sid:84330656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.241.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467555/; classtype:trojan-activity;sid:84330655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.139.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467554/; classtype:trojan-activity;sid:84330654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.207.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467553/; classtype:trojan-activity;sid:84330653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.81.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467552/; classtype:trojan-activity;sid:84330652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.4.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467551/; classtype:trojan-activity;sid:84330651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.107.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467550/; classtype:trojan-activity;sid:84330650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467549)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.wobym.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467549/; classtype:trojan-activity;sid:84330649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467548)"; flow:established,from_client; content:"GET"; http_method; content:"/stable.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ovalre.us"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467548/; classtype:trojan-activity;sid:84330648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.2.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467547/; classtype:trojan-activity;sid:84330647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467546)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2d42ffe-779b-4107-ac42-7f36375aab37/downloads/fojik.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467546/; classtype:trojan-activity;sid:84330646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.12.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467545/; classtype:trojan-activity;sid:84330645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467544)"; flow:established,from_client; content:"GET"; http_method; content:"/api/file/get|3f|filekey=kaecg-7xl9nfsmacehrbsefg0jab0g6ujnhouwwmz_zdkvc13acsyiwo"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"3003.filemail.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467544/; classtype:trojan-activity;sid:84330644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467543)"; flow:established,from_client; content:"GET"; http_method; content:"/form2/1/voiceai.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"clinicadermalaser.es"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467543/; classtype:trojan-activity;sid:84330643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467542)"; flow:established,from_client; content:"GET"; http_method; content:"/hexium.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"hexiumvisions.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467542/; classtype:trojan-activity;sid:84330642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.92.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467540/; classtype:trojan-activity;sid:84330640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.146.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467541/; classtype:trojan-activity;sid:84330641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467536)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5757584641/z3sjkc5.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467536/; classtype:trojan-activity;sid:84330636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467537)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/61705749605.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467537/; classtype:trojan-activity;sid:84330637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467538)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dd3b43cd-389e-413e-87b9-e21f40c2630d/downloads/guledazawabumoda.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467538/; classtype:trojan-activity;sid:84330638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467539)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/6nnkv9psxu4rm31/linkin_park.mp3/file"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467539/; classtype:trojan-activity;sid:84330639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467535)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6802558212/bxxkvln.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467535/; classtype:trojan-activity;sid:84330635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467529)"; flow:established,from_client; content:"GET"; http_method; content:"/files/515afc3f-f8a2-4894-a26d-4d86ce505fee/lowibufulugogazuguvexa.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467529/; classtype:trojan-activity;sid:84330629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467530)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20220125031952if_/https://uploads.strikinglycdn.com/files/8318c966-e52a-40ef-94e6-45f59a0c5fd2/7093784418.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467530/; classtype:trojan-activity;sid:84330630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467531)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1902a20f-b6f6-456d-a3e8-73d78dffff7b/charged-saints-of-denver-book-2-40.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467531/; classtype:trojan-activity;sid:84330631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.84.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467532/; classtype:trojan-activity;sid:84330632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467533)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/637623a6-af9b-4a69-90a8-85cd562c999e/downloads/niwexokaburule.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467533/; classtype:trojan-activity;sid:84330633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467534)"; flow:established,from_client; content:"GET"; http_method; content:"/files/63598570-49a9-4198-8528-994debb5f031/50705551975.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467534/; classtype:trojan-activity;sid:84330634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467528)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96f90b6e-3939-4cac-a3ad-eba9fb8219bf/downloads/71599608952.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467528/; classtype:trojan-activity;sid:84330628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467522)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7868598855/zy9sqws.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467522/; classtype:trojan-activity;sid:84330622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467523)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e712c63-2f24-4e6b-a5dc-ff3233100bea/downloads/72290413200.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467523/; classtype:trojan-activity;sid:84330623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467524)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2eabcd0a-1fbf-48aa-8399-71392232a891/downloads/rafubagosewuniwudob.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467524/; classtype:trojan-activity;sid:84330624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467525)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/70485427967.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467525/; classtype:trojan-activity;sid:84330625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467526)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e9dc005a-39e6-474d-bf2f-ef67b812a261/downloads/xenogipojadamomixaxulute.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467526/; classtype:trojan-activity;sid:84330626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467527)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/9089368795.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467527/; classtype:trojan-activity;sid:84330627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467514)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7834629666/v6oqdnc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467514/; classtype:trojan-activity;sid:84330614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467515)"; flow:established,from_client; content:"GET"; http_method; content:"/files/93198a51-7458-4e4c-ba9f-38de820e550e/56982212333.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467515/; classtype:trojan-activity;sid:84330615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467516)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96b6a2f4-8317-413b-a7e3-44adb2eb81f5/downloads/safari_magazine_2019_download.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467516/; classtype:trojan-activity;sid:84330616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467517)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8014aeaa-17b8-4bcd-a9d7-094ad1ff7644/downloads/fusoze.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467517/; classtype:trojan-activity;sid:84330617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467518)"; flow:established,from_client; content:"GET"; http_method; content:"/nba+2k23.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"files-ld.s3.us-east-2.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467518/; classtype:trojan-activity;sid:84330618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467519)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/plan_technique_piscine_a_debordement.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467519/; classtype:trojan-activity;sid:84330619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467520)"; flow:established,from_client; content:"GET"; http_method; content:"/files/ee25e7e0-145e-4ca3-8f3c-48a24a68b487/gixobanavemaja.pdf"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467520/; classtype:trojan-activity;sid:84330620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467521)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/83838390139.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467521/; classtype:trojan-activity;sid:84330621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467504)"; flow:established,from_client; content:"GET"; http_method; content:"/files/73393f6d-5df9-4a3e-bb86-73a6ee98490b/russian-cookbook-8.pdf"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467504/; classtype:trojan-activity;sid:84330604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467505)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7039321a-5165-4e87-b418-fcea6d809ab6/mesanamidap.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467505/; classtype:trojan-activity;sid:84330605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467506)"; flow:established,from_client; content:"GET"; http_method; content:"/files/dfaab639-f213-4197-b50a-d621fda6a29e/xuguvibafaziwedobumijigof.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467506/; classtype:trojan-activity;sid:84330606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467507)"; flow:established,from_client; content:"GET"; http_method; content:"/files/304b7b4f-c9ee-4a05-b069-7240cc50c896/88315431547.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467507/; classtype:trojan-activity;sid:84330607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467508)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7815000d-e366-4200-8d14-959ec4c8bd70/45388170052.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467508/; classtype:trojan-activity;sid:84330608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467509)"; flow:established,from_client; content:"GET"; http_method; content:"/files/498c87dc-d229-4cfe-b56c-13e695842f1a/28901053537.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467509/; classtype:trojan-activity;sid:84330609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467510)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6104a42e-c9ca-496d-9156-92538fddca06/downloads/vevowezirebojikidebof.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467510/; classtype:trojan-activity;sid:84330610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467511)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8082092f-4e85-4a95-b433-e3587f0d55cf/sapui5-the-comprehensive-guide-909.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467511/; classtype:trojan-activity;sid:84330611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467512)"; flow:established,from_client; content:"GET"; http_method; content:"/files/9b13279a-a043-4bd8-b917-d50fb17abfeb/what_is_meant_by_credit_decision_table.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467512/; classtype:trojan-activity;sid:84330612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467513)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/temisipilotiba.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467513/; classtype:trojan-activity;sid:84330613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467498)"; flow:established,from_client; content:"GET"; http_method; content:"/avalon.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"avaloncheats.pro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467498/; classtype:trojan-activity;sid:84330598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467499/; classtype:trojan-activity;sid:84330599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.188.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467500/; classtype:trojan-activity;sid:84330600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467501)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/79427765137.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467501/; classtype:trojan-activity;sid:84330601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.110.120.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467502/; classtype:trojan-activity;sid:84330602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467503)"; flow:established,from_client; content:"GET"; http_method; content:"/files/bda43ae9-989f-484f-94a6-8afa584d43b2/bagoxukutisow.pdf"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467503/; classtype:trojan-activity;sid:84330603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467496)"; flow:established,from_client; content:"GET"; http_method; content:"/vhtwkxp255.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.86.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467496/; classtype:trojan-activity;sid:84330596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467497/; classtype:trojan-activity;sid:84330597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.233.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467495/; classtype:trojan-activity;sid:84330595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.10.251.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467493/; classtype:trojan-activity;sid:84330593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467494)"; flow:established,from_client; content:"GET"; http_method; content:"/sampcac-loader.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.amako.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467494/; classtype:trojan-activity;sid:84330594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467492)"; flow:established,from_client; content:"GET"; http_method; content:"/games/app/ethelium.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"etheliumcheats.pro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467492/; classtype:trojan-activity;sid:84330592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467489)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8164112802/jcfx2xj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467489/; classtype:trojan-activity;sid:84330589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467490)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7982467377/bpddw9f.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467490/; classtype:trojan-activity;sid:84330590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467491)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|id=1diwufvlw0qufuf9kk95d5qtlfwtqn47y|7c|26|7c|export=download|7c|26|7c|authuser=0|7c|26|7c|confirm=t|7c|26|7c|uuid=03b37b19-9a95-4962-a303-92549ea5abb6|7c|26|7c|at=aez70l7zc8j45v3_h7to0wxtjyvh%3a1741124204390"; http_uri; depth:221; isdataat:!1,relative; nocase; content:"drive.usercontent.google.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467491/; classtype:trojan-activity;sid:84330591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.187.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467488/; classtype:trojan-activity;sid:84330588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467487/; classtype:trojan-activity;sid:84330587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.44.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467485/; classtype:trojan-activity;sid:84330585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.230.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467486/; classtype:trojan-activity;sid:84330586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467484/; classtype:trojan-activity;sid:84330584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.156.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467483/; classtype:trojan-activity;sid:84330583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467482/; classtype:trojan-activity;sid:84330582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467481/; classtype:trojan-activity;sid:84330581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.153.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467480/; classtype:trojan-activity;sid:84330580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.153.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467479/; classtype:trojan-activity;sid:84330579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467478)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/examples_of_employee_goals_for_performance_review.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467478/; classtype:trojan-activity;sid:84330578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467477)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/50228966329.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467477/; classtype:trojan-activity;sid:84330577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467475)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/educational_leadership_philosophy_examples.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467475/; classtype:trojan-activity;sid:84330575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467476)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/299c0676-bac5-4db6-8fea-3075091e1687/downloads/61526216713.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467476/; classtype:trojan-activity;sid:84330576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467465)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/gumofeke.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467465/; classtype:trojan-activity;sid:84330565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467466)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/mawanigokur.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467466/; classtype:trojan-activity;sid:84330566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.143.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467467/; classtype:trojan-activity;sid:84330567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.18.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467468/; classtype:trojan-activity;sid:84330568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467469)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/36054141231.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467469/; classtype:trojan-activity;sid:84330569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467470)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37fc73a-27ae-4e8d-87b6-7c807b298be6/downloads/85925649248.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467470/; classtype:trojan-activity;sid:84330570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467471)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/educacion_financiera_avanzada_partiendo_de_cero_autor_gregor.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467471/; classtype:trojan-activity;sid:84330571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467472)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/663ae0bf-1142-4d7a-8653-755553f6852e/downloads/lejafarezafig.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467472/; classtype:trojan-activity;sid:84330572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.208.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467473/; classtype:trojan-activity;sid:84330573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467474)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/biwejukajurel.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467474/; classtype:trojan-activity;sid:84330574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467458)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/6083216094.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467458/; classtype:trojan-activity;sid:84330558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467459)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/69065118383.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467459/; classtype:trojan-activity;sid:84330559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.187.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467460/; classtype:trojan-activity;sid:84330560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467461)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51e053ea-8122-46e3-bee6-6c00a935619c/downloads/40061082597.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467461/; classtype:trojan-activity;sid:84330561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467462)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/94224235634.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467462/; classtype:trojan-activity;sid:84330562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467463)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/739cff78-28a4-4749-8c7f-abf371b6a947/downloads/62789327536.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467463/; classtype:trojan-activity;sid:84330563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467464)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ee12fbcb-3848-4c54-8690-0d9c760d3837/downloads/5683334295.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467464/; classtype:trojan-activity;sid:84330564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467453)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d9b3f7f8-355a-428e-bb44-74bff775274d/downloads/supix.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467453/; classtype:trojan-activity;sid:84330553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467454)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/670646a4-4ce8-4367-bccc-c52d2083c9a3/downloads/chronogramme_dune_these_de_doctorat.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467454/; classtype:trojan-activity;sid:84330554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467455)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e222df8-d197-4254-b90b-be3d3b023ef4/downloads/zopawakabubijipek.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467455/; classtype:trojan-activity;sid:84330555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467456)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/27590969755.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467456/; classtype:trojan-activity;sid:84330556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467457)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kudokexogikekuporeso.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467457/; classtype:trojan-activity;sid:84330557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467450)"; flow:established,from_client; content:"GET"; http_method; content:"/file/4ce83184-7694-4620-b0b9-3645ef4652b7/gabemorewixixasavarurug.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467450/; classtype:trojan-activity;sid:84330550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467451)"; flow:established,from_client; content:"GET"; http_method; content:"/file/d959d993-4fc6-48dc-b711-b9da10840e32/cc9cd66e-b294-4eaf-b7d8-e6b550c606f7.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467451/; classtype:trojan-activity;sid:84330551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467452)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/48255006417.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467452/; classtype:trojan-activity;sid:84330552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.35.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467446/; classtype:trojan-activity;sid:84330546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467447)"; flow:established,from_client; content:"GET"; http_method; content:"/file/f79cf708-8349-4a69-96d0-5f544a826202/495c7b23-01a4-46f5-a84e-f448cbc93c75.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467447/; classtype:trojan-activity;sid:84330547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467448)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09540d0c-1db9-4e3c-a32d-6eed7b48ae00/downloads/3841723103.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467448/; classtype:trojan-activity;sid:84330548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467449)"; flow:established,from_client; content:"GET"; http_method; content:"/file/7308f9b6-8eea-442e-8dd5-84e4c3d30482/keririlizefimimuxobumuper.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467449/; classtype:trojan-activity;sid:84330549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467443)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exemple_de_dossier_raep_redige.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467443/; classtype:trojan-activity;sid:84330543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467444)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3007465f-aa28-4ea8-964e-00ec10d6daef/downloads/reinforced_concrete_wall_design_examples.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467444/; classtype:trojan-activity;sid:84330544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467445)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/munich_tourist_attractions_map.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467445/; classtype:trojan-activity;sid:84330545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467436)"; flow:established,from_client; content:"GET"; http_method; content:"/file/3112ac56-cb4b-4ba8-be65-c3e1375c8304/5cd02e4a-70a1-4d54-ad10-384802801240.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467436/; classtype:trojan-activity;sid:84330536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.186.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467437/; classtype:trojan-activity;sid:84330537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467438)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4a17de4-bdbb-4d1a-aaee-49990939d4cf/downloads/problue_7_nordson_manual.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467438/; classtype:trojan-activity;sid:84330538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467439/; classtype:trojan-activity;sid:84330539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467440)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/30229793875.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467440/; classtype:trojan-activity;sid:84330540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.226.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467441/; classtype:trojan-activity;sid:84330541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467442)"; flow:established,from_client; content:"GET"; http_method; content:"/files/0e304cef-404d-4de7-86c0-5b512632fbd4/80970917646.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467442/; classtype:trojan-activity;sid:84330542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467432)"; flow:established,from_client; content:"GET"; http_method; content:"/files/95c91e39-3ff9-4931-b61e-619e27e7b6c6/8920636342.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467432/; classtype:trojan-activity;sid:84330532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467433)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/cooling_tower_working.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467433/; classtype:trojan-activity;sid:84330533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467434)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/corporate_signature_authority_matrix_template_printable.pdf"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467434/; classtype:trojan-activity;sid:84330534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467435)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.206.136.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467435/; classtype:trojan-activity;sid:84330535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467425)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/continental_online_assessment_test_answers.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467425/; classtype:trojan-activity;sid:84330525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467426)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/465f36af-7a24-4906-9c2a-986dcb6b15f8/downloads/where_can_i_get_edo_state_of_origin_certificate_in_lagos.pdf"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467426/; classtype:trojan-activity;sid:84330526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467427)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sample_testimonials_for_employees.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467427/; classtype:trojan-activity;sid:84330527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467428)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bf8d6b31-0867-4cc2-b138-2d2dbb23ec3a/downloads/bawananulufobomoderawulen.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467428/; classtype:trojan-activity;sid:84330528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467429)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/90dc87b4-fd7e-4412-9a6a-76e20db16dbd/downloads/23425133870.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467429/; classtype:trojan-activity;sid:84330529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467430)"; flow:established,from_client; content:"GET"; http_method; content:"/file/7b70321b-4224-46be-ac44-01e0f9202e30/7da81eec-8512-4f2e-b715-7b5237f28c63.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467430/; classtype:trojan-activity;sid:84330530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.40.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467431/; classtype:trojan-activity;sid:84330531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467419)"; flow:established,from_client; content:"GET"; http_method; content:"/okami.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.200.78.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467419/; classtype:trojan-activity;sid:84330519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.95.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467420/; classtype:trojan-activity;sid:84330520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467421)"; flow:established,from_client; content:"GET"; http_method; content:"/file/be539b63-ef33-4ddf-a4b6-3535f6d7177a/lopedu.pdf"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467421/; classtype:trojan-activity;sid:84330521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467422)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37fc73a-27ae-4e8d-87b6-7c807b298be6/downloads/86119351354.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467422/; classtype:trojan-activity;sid:84330522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467423)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/kagoferoxotopelabalim.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467423/; classtype:trojan-activity;sid:84330523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467424)"; flow:established,from_client; content:"GET"; http_method; content:"/files/ec4a5ae2-6fe2-4364-b9e7-6c8d9db31146/11207208435.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467424/; classtype:trojan-activity;sid:84330524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467411)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/how_to_write_letter_against_show_cause_notice.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467411/; classtype:trojan-activity;sid:84330511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467412)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/bevakabopodo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467412/; classtype:trojan-activity;sid:84330512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467413)"; flow:established,from_client; content:"GET"; http_method; content:"/file/2eba84c2-94e5-4a91-9a6d-b48b89dea52f/xudopotowemisulisonuler.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467413/; classtype:trojan-activity;sid:84330513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467414)"; flow:established,from_client; content:"GET"; http_method; content:"/file/b428f5c4-195e-4e6c-9bd4-676e70762b31/ca257a27-a25b-4a44-85e3-04065ad1fbc5.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467414/; classtype:trojan-activity;sid:84330514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467415)"; flow:established,from_client; content:"GET"; http_method; content:"/file/5873c16e-436e-449c-b710-5b7f358c3103/861fa459-f45d-4d01-8dd5-9b4104594d03.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467415/; classtype:trojan-activity;sid:84330515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467416)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/55669141050.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467416/; classtype:trojan-activity;sid:84330516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467417)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fb13673c-7b10-403f-be9e-1b04622101d6/downloads/61656569082.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467417/; classtype:trojan-activity;sid:84330517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467418)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/98264302577.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467418/; classtype:trojan-activity;sid:84330518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467407)"; flow:established,from_client; content:"GET"; http_method; content:"/file/d2af09d1-519b-4d3e-ab3b-2e40104fb0cb/489704d6-6d2a-4724-8b41-1c5c324baf26.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467407/; classtype:trojan-activity;sid:84330507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467408)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/grammar_plus_class_8.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467408/; classtype:trojan-activity;sid:84330508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467409)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/32575227287.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467409/; classtype:trojan-activity;sid:84330509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467410)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/xavibow.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467410/; classtype:trojan-activity;sid:84330510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467400)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b566d4a5-149a-4042-a2b5-fa837a998781/downloads/62246613540.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467400/; classtype:trojan-activity;sid:84330500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467401)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a5d43283-67be-4a3b-9041-1427b691166f/downloads/dotadaxokokimidupoz.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467401/; classtype:trojan-activity;sid:84330501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467402)"; flow:established,from_client; content:"GET"; http_method; content:"/files/b8a81dd7-3b33-412a-8456-607e91a97e90/ketolalavomutovarili.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467402/; classtype:trojan-activity;sid:84330502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467403)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a19a3dcf-f832-45fe-91ff-ed566d492286/downloads/31803450103.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467403/; classtype:trojan-activity;sid:84330503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467404)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/26449761459.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467404/; classtype:trojan-activity;sid:84330504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467405/; classtype:trojan-activity;sid:84330505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.190.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467406/; classtype:trojan-activity;sid:84330506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467393)"; flow:established,from_client; content:"GET"; http_method; content:"/file/1088ccc3-7983-400c-959e-5be296c06dbd/61282940220.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467393/; classtype:trojan-activity;sid:84330493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467394)"; flow:established,from_client; content:"GET"; http_method; content:"/file/a235f78c-e9e7-4d63-aae7-24f85876af86/lumatup.pdf"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467394/; classtype:trojan-activity;sid:84330494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467395)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/manual_de_uso_cummins_insite.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467395/; classtype:trojan-activity;sid:84330495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.115.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467396/; classtype:trojan-activity;sid:84330496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467397)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/83127272265.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467397/; classtype:trojan-activity;sid:84330497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.40.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467398/; classtype:trojan-activity;sid:84330498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.40.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467399/; classtype:trojan-activity;sid:84330499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467388)"; flow:established,from_client; content:"GET"; http_method; content:"/file/92c6c0c3-ebe1-47a6-b19e-ef59120f4e6f/46693267594.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467388/; classtype:trojan-activity;sid:84330488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467389)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/50013116393.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467389/; classtype:trojan-activity;sid:84330489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467390)"; flow:established,from_client; content:"GET"; http_method; content:"/file/f0330611-ff51-45ca-926b-9b867e542092/sudujobotopuwepiponu.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467390/; classtype:trojan-activity;sid:84330490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467391)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sowuluxoranevoxivobu.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467391/; classtype:trojan-activity;sid:84330491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467392)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/jw_public_talk_outlines.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467392/; classtype:trojan-activity;sid:84330492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467386)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/muxem.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467386/; classtype:trojan-activity;sid:84330486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.31.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467387/; classtype:trojan-activity;sid:84330487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467378)"; flow:established,from_client; content:"GET"; http_method; content:"/files/114fa74c-1d9c-4b25-8f78-16c19310ddce/duvuzuganawa.pdf"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467378/; classtype:trojan-activity;sid:84330478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.128.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467379/; classtype:trojan-activity;sid:84330479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467380)"; flow:established,from_client; content:"GET"; http_method; content:"/file/93a2fe75-d412-4f97-a5b2-8dd891de44cf/85ca96b8-ea7f-4a1a-9202-c42bc06b3015.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467380/; classtype:trojan-activity;sid:84330480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467381)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa930190-2e12-4ce7-8bd7-0454f2ef6721/downloads/remonstration_visum_ablehnung_muster.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467381/; classtype:trojan-activity;sid:84330481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467382)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1cd14ca4-3aaa-4349-a92b-5919cb2c71ee/downloads/37493963429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467382/; classtype:trojan-activity;sid:84330482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467383)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/26417869572.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467383/; classtype:trojan-activity;sid:84330483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467384)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zutufukatozoxogunubikok.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467384/; classtype:trojan-activity;sid:84330484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467385)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/vawazu.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467385/; classtype:trojan-activity;sid:84330485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467370)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4240411-5b76-4ebe-95b9-c00242399cf6/downloads/libevisuxalozusofaze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467370/; classtype:trojan-activity;sid:84330470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467371)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/61695596025.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467371/; classtype:trojan-activity;sid:84330471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467372)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/remebemakuvomurixulat.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467372/; classtype:trojan-activity;sid:84330472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.83.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467373/; classtype:trojan-activity;sid:84330473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467374/; classtype:trojan-activity;sid:84330474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.143.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467375/; classtype:trojan-activity;sid:84330475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467376)"; flow:established,from_client; content:"GET"; http_method; content:"/files/d750aa22-ad00-4a86-8dbb-face60ce59f9/lopetijazipidulu.pdf"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467376/; classtype:trojan-activity;sid:84330476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467377)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/35713869772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467377/; classtype:trojan-activity;sid:84330477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467363)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/popezefere.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467363/; classtype:trojan-activity;sid:84330463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.29.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467364/; classtype:trojan-activity;sid:84330464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467365)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/57373027197.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467365/; classtype:trojan-activity;sid:84330465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.201.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467366/; classtype:trojan-activity;sid:84330466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467367)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e00f0b9-c207-4cb1-9a9a-c11d057e31a3/downloads/request_letter_for_hold_amount_release.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467367/; classtype:trojan-activity;sid:84330467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.30.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467368/; classtype:trojan-activity;sid:84330468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467369)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9569c183-65dc-4f14-a45e-e7944584cb65/downloads/58650400832.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467369/; classtype:trojan-activity;sid:84330469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467358)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0684881f-11f6-455b-9188-fb070acdb368/downloads/you_too_can_be_prosperous.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467358/; classtype:trojan-activity;sid:84330458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467359)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e51c42a2-48a1-43ea-b124-a034de3679a6/downloads/sizusobimemitu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467359/; classtype:trojan-activity;sid:84330459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467360)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/fosodevo.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467360/; classtype:trojan-activity;sid:84330460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467361)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6ce8cd76-f823-495f-9578-935f1fbb5f25/46331808306.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467361/; classtype:trojan-activity;sid:84330461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467362)"; flow:established,from_client; content:"GET"; http_method; content:"/file/aa1a14ae-09b9-4ac2-a4bf-9ddd9fb14765/38853724633.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467362/; classtype:trojan-activity;sid:84330462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467353)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/her_yonuyle_modern_almanca_dursun_zengin.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467353/; classtype:trojan-activity;sid:84330453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467354)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/towedokunorazageleside.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467354/; classtype:trojan-activity;sid:84330454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467355)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/65604431763.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467355/; classtype:trojan-activity;sid:84330455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467356)"; flow:established,from_client; content:"GET"; http_method; content:"/file/6d5a673a-240c-451d-91ea-8d67fe999f08/veledudiberiv.pdf"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467356/; classtype:trojan-activity;sid:84330456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467357)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ruwuxa.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467357/; classtype:trojan-activity;sid:84330457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467346/; classtype:trojan-activity;sid:84330446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467347)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c725aa89-ce3b-4b0b-861e-e7c40702153d/downloads/sulupob.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467347/; classtype:trojan-activity;sid:84330447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467348)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a2e88a7-385b-4aed-a81e-123c037cba5d/downloads/57067255053.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467348/; classtype:trojan-activity;sid:84330448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467349)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.110.187.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467349/; classtype:trojan-activity;sid:84330449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467350)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ad58263-1b5c-4da7-bc4a-7b8f99e22218/downloads/2544897802.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467350/; classtype:trojan-activity;sid:84330450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467351)"; flow:established,from_client; content:"GET"; http_method; content:"/files/bde008dd-4aee-4559-8f8b-9cba68bc99a3/el_dador_de_sueos_libro_completo.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467351/; classtype:trojan-activity;sid:84330451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467352)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/66812037618.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467352/; classtype:trojan-activity;sid:84330452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.39.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467341/; classtype:trojan-activity;sid:84330441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467342)"; flow:established,from_client; content:"GET"; http_method; content:"/file/a9bb4d6d-d273-4cc1-bbe8-0f40da88f595/gesapimosuz.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467342/; classtype:trojan-activity;sid:84330442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467343)"; flow:established,from_client; content:"GET"; http_method; content:"/file/d3217567-fe9b-4288-9e16-9b671ca980de/surozused.pdf"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467343/; classtype:trojan-activity;sid:84330443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467344)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b4da0e1a-7caf-4ed8-aaa9-0949952990f3/downloads/49347806429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467344/; classtype:trojan-activity;sid:84330444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467345)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ecee9084-7e3d-4775-8bb2-790a86730cd5/22212675749.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467345/; classtype:trojan-activity;sid:84330445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467339)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7399f648-106b-4174-b8c0-6d6694895ad3/downloads/vakoxumem.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467339/; classtype:trojan-activity;sid:84330439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467340)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/gununemedusotojipime.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467340/; classtype:trojan-activity;sid:84330440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.193.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467333/; classtype:trojan-activity;sid:84330433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467334)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/92c7bb30-769c-4722-92cc-8b01b59910e0/downloads/36512394005.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467334/; classtype:trojan-activity;sid:84330434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467335)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/jirdnfrd0t0tou3/linkin_park.mp3/file"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467335/; classtype:trojan-activity;sid:84330435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467336)"; flow:established,from_client; content:"GET"; http_method; content:"/file/a712ecec-1225-484e-8b79-ddaa754afbc3/kezizapep.pdf"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467336/; classtype:trojan-activity;sid:84330436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467337)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7592d1e2-3dca-48f2-9f42-bb08c23dfb67/downloads/zutav.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467337/; classtype:trojan-activity;sid:84330437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.93.59.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467338/; classtype:trojan-activity;sid:84330438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.133.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467331/; classtype:trojan-activity;sid:84330431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467332)"; flow:established,from_client; content:"GET"; http_method; content:"/files/e7cb5a20-2f3d-45a8-a357-ae875f4eaa20/87562070810.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467332/; classtype:trojan-activity;sid:84330432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467324)"; flow:established,from_client; content:"GET"; http_method; content:"/trox/jmq0yz65.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"79.133.46.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467324/; classtype:trojan-activity;sid:84330424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467325)"; flow:established,from_client; content:"GET"; http_method; content:"/file/7fc70596-63fd-4ffd-a294-0143f41e7b21/7117237545.pdf"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467325/; classtype:trojan-activity;sid:84330425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467326)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8f97cb07-1cfa-4fca-b6d8-3f1bf47f56b3/downloads/dulerugufep.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467326/; classtype:trojan-activity;sid:84330426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467327)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ac37b1bf-99c9-40af-be4e-2704a83e665c/downloads/17786842133.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467327/; classtype:trojan-activity;sid:84330427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467328)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/nopurumonufulelu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467328/; classtype:trojan-activity;sid:84330428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467329)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b44aaa8-926a-4cbd-9774-e30385fa65ac/downloads/zexesotusipedelew.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467329/; classtype:trojan-activity;sid:84330429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467330/; classtype:trojan-activity;sid:84330430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467321)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/security_daily_activity_report_template.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467321/; classtype:trojan-activity;sid:84330421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.244.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467322/; classtype:trojan-activity;sid:84330422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.10.241.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467323/; classtype:trojan-activity;sid:84330423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467312)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a3d7189d-efc6-47e1-bbe5-dc5eeaf610a0/downloads/rtca_do-160g.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467312/; classtype:trojan-activity;sid:84330412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467313)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ac66f4da-754b-4df9-b080-4728fb201349/downloads/nimoma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467313/; classtype:trojan-activity;sid:84330413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467314)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c877865a-29ce-446f-b8f8-42c8a2318eff/downloads/personal_loan_closure_letter_format_in_word.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467314/; classtype:trojan-activity;sid:84330414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467315)"; flow:established,from_client; content:"GET"; http_method; content:"/files/4dd53fd6-f0ea-44a8-a37c-cda8c492d03f/59233059677.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467315/; classtype:trojan-activity;sid:84330415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467316)"; flow:established,from_client; content:"GET"; http_method; content:"/files/f7d38d8b-50aa-455d-a3d8-99192ea078bd/78655614964.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467316/; classtype:trojan-activity;sid:84330416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467317)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/11677680583.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467317/; classtype:trojan-activity;sid:84330417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467318)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/elkonin_boxes_word_list.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467318/; classtype:trojan-activity;sid:84330418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.153.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467319/; classtype:trojan-activity;sid:84330419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467320)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f4482b02-adbc-4511-a01d-8f5a32444a75/downloads/zudelejanegine.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467320/; classtype:trojan-activity;sid:84330420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467308)"; flow:established,from_client; content:"GET"; http_method; content:"/files/db87f80d-8e4e-432b-9630-ddc8beb8c864/tivazus.pdf"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467308/; classtype:trojan-activity;sid:84330408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.250.15.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467309/; classtype:trojan-activity;sid:84330409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467310)"; flow:established,from_client; content:"GET"; http_method; content:"/file/a52e073a-2988-4635-9db6-288ec16041d2/9048982222.pdf"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467310/; classtype:trojan-activity;sid:84330410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467311)"; flow:established,from_client; content:"GET"; http_method; content:"/file/4039263c-c7cb-4e25-b3bb-d7162133a0a8/vilaziwiwaxadilugodadunu.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467311/; classtype:trojan-activity;sid:84330411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467307)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c3d6560-d229-4015-8af2-a70ad89bde0a/downloads/80071621679.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467307/; classtype:trojan-activity;sid:84330407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467305)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lapeke.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467305/; classtype:trojan-activity;sid:84330405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467306)"; flow:established,from_client; content:"GET"; http_method; content:"/files/53cb876b-c10d-4638-b1c7-5b06aa8af2a3/palilumepaxelasopad.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467306/; classtype:trojan-activity;sid:84330406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.39.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467302/; classtype:trojan-activity;sid:84330402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467303)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/kapabemirowajuzaxadirokef.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467303/; classtype:trojan-activity;sid:84330403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467304)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/modexad.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467304/; classtype:trojan-activity;sid:84330404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467298)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0bdc9896-149c-4815-8e37-9e55432c4120/downloads/bofugesugipufibutunida.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467298/; classtype:trojan-activity;sid:84330398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467299)"; flow:established,from_client; content:"GET"; http_method; content:"/file/6fb6e0eb-54d7-4d6e-b13b-5985f97c8b1a/49376755230.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467299/; classtype:trojan-activity;sid:84330399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467300)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/xuguxupevubitutuzoju.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467300/; classtype:trojan-activity;sid:84330400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467301)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/rubejemi.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467301/; classtype:trojan-activity;sid:84330401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467286)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/atividades_de_concordancia_verbal_5o_ano_com_gabarito.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467286/; classtype:trojan-activity;sid:84330386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467287)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78c14b69-39ed-4d94-8d63-a7b29776e43c/downloads/45524925955.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467287/; classtype:trojan-activity;sid:84330387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.44.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467288/; classtype:trojan-activity;sid:84330388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.145.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467289/; classtype:trojan-activity;sid:84330389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467290)"; flow:established,from_client; content:"GET"; http_method; content:"/files/e7763182-5170-4ac3-88a0-34c08f377e99/ejercicios_de_caligrafia_para_adultos_para_imprimir_gratis.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467290/; classtype:trojan-activity;sid:84330390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467291/; classtype:trojan-activity;sid:84330391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467292)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/cyberark_psmp_admin_guide.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467292/; classtype:trojan-activity;sid:84330392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467293)"; flow:established,from_client; content:"GET"; http_method; content:"/file/3c4ff29d-2e3e-4c5e-89e2-5d1494a94f45/xulir.pdf"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467293/; classtype:trojan-activity;sid:84330393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467294)"; flow:established,from_client; content:"GET"; http_method; content:"/file/30104279-9f42-452a-823f-b0b58141c751/1821303460.pdf"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467294/; classtype:trojan-activity;sid:84330394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467295)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/kitab_shams_al_maarif.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467295/; classtype:trojan-activity;sid:84330395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.196.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467296/; classtype:trojan-activity;sid:84330396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467297)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.35.66.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467297/; classtype:trojan-activity;sid:84330397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467285)"; flow:established,from_client; content:"GET"; http_method; content:"/file/392b1d55-98e9-4a40-b03b-c0ae850369e5/32214814689.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467285/; classtype:trojan-activity;sid:84330385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467283)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3298be68-ecf2-4e6e-8fa7-1bf1d7657489/downloads/xagoje.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467283/; classtype:trojan-activity;sid:84330383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.95.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467284/; classtype:trojan-activity;sid:84330384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467279)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/83df8ca9-16c2-4244-8f9e-8be918c4b8a3/downloads/86611585002.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467279/; classtype:trojan-activity;sid:84330379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467280)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/41138401642.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467280/; classtype:trojan-activity;sid:84330380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467281)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/hepatorenales_syndrom.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467281/; classtype:trojan-activity;sid:84330381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467282)"; flow:established,from_client; content:"GET"; http_method; content:"/file/58964252-cd6e-4e37-852f-6a7dd3db96cb/bufapaxowulepude.pdf"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467282/; classtype:trojan-activity;sid:84330382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467271)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fae029f6-27b1-4578-94bc-ae0bbaeebde4/downloads/53744052149.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467271/; classtype:trojan-activity;sid:84330371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.248.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467272/; classtype:trojan-activity;sid:84330372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.9.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467273/; classtype:trojan-activity;sid:84330373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467274)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9927c1c5-c61c-4f5e-807e-67bd1833b3e4/downloads/nijalox.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467274/; classtype:trojan-activity;sid:84330374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467275)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/how_to_change_font_size_in_xchange_editor.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467275/; classtype:trojan-activity;sid:84330375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467276)"; flow:established,from_client; content:"GET"; http_method; content:"/files/422cf8cf-a37f-4392-9b89-cff4080bd8e6/nofuxado.pdf"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467276/; classtype:trojan-activity;sid:84330376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467277)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/limitorque_mx_ordering_guide.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467277/; classtype:trojan-activity;sid:84330377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467278/; classtype:trojan-activity;sid:84330378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467265)"; flow:established,from_client; content:"GET"; http_method; content:"/file/2cc97878-28ab-4a85-9a84-ea3264eb156b/kabewok.pdf"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467265/; classtype:trojan-activity;sid:84330365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467266)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/timex_expedition_indiglo_wr50m_manual.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467266/; classtype:trojan-activity;sid:84330366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.62.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467267/; classtype:trojan-activity;sid:84330367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.35.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467268/; classtype:trojan-activity;sid:84330368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467269)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a3b63b5-3e6a-48ac-8e49-14ed0037cbc4/downloads/hitachi_cd_sem_operation_manual.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467269/; classtype:trojan-activity;sid:84330369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467270)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/4452624/normal_600124913c3bb.pdf"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"static.s123-cdn-static.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467270/; classtype:trojan-activity;sid:84330370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.179.223.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467263/; classtype:trojan-activity;sid:84330363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467264)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/87483152555.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467264/; classtype:trojan-activity;sid:84330364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467259)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/36672004653.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467259/; classtype:trojan-activity;sid:84330359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467260)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9dc6fd8e-b629-406d-be34-231dfc94d5e9/downloads/catia_v5_simulation_tutorial.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467260/; classtype:trojan-activity;sid:84330360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467261)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ccd005cd-d108-4c51-8fd6-7bf42ac41ada/verumowiwo.pdf"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467261/; classtype:trojan-activity;sid:84330361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467262)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/80e9e7c7-d97b-4b5a-96c4-9a83854a3065/downloads/vuzabovamipavowaseke.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467262/; classtype:trojan-activity;sid:84330362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467253)"; flow:established,from_client; content:"GET"; http_method; content:"/file/293fb5cd-3b39-457b-bae2-91b13eccb61c/7d28ec2d-0a71-4da9-86a3-a16429360b28.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467253/; classtype:trojan-activity;sid:84330353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467254)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09077edc-9c07-4d95-9708-b2f62b12ca6a/downloads/jikiluwuruwewomurenix.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467254/; classtype:trojan-activity;sid:84330354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467255)"; flow:established,from_client; content:"GET"; http_method; content:"/atxhua"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.194.157.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467255/; classtype:trojan-activity;sid:84330355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.16.139"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467256/; classtype:trojan-activity;sid:84330356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467257)"; flow:established,from_client; content:"GET"; http_method; content:"/file/0bb2c388-03d7-4c78-99b0-efb150b3014e/16723229040.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467257/; classtype:trojan-activity;sid:84330357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467258)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/weguma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467258/; classtype:trojan-activity;sid:84330358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467242)"; flow:established,from_client; content:"GET"; http_method; content:"/file/42a5052f-4410-4333-8cf0-10f7abd3429f/f7ad0480-48b6-4b8b-bc7d-cac0ed90cc9d.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467242/; classtype:trojan-activity;sid:84330342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.229.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467243/; classtype:trojan-activity;sid:84330343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.96.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467244/; classtype:trojan-activity;sid:84330344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.129.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467245/; classtype:trojan-activity;sid:84330345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467246)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/119d5b03-e78f-4725-87b7-ed496b267f6d/downloads/attributes_of_a_good_research_topic_ppt.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467246/; classtype:trojan-activity;sid:84330346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467247)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7173f42b-e2c4-4bf0-90a4-8d9fcb5040c3/securecrt-61-serial-number-license-key.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467247/; classtype:trojan-activity;sid:84330347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467248)"; flow:established,from_client; content:"GET"; http_method; content:"/file/d34ec583-d8e1-4ff4-a80b-d6f34428576d/xesusugefan.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467248/; classtype:trojan-activity;sid:84330348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467249)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1663535d-289f-4a17-902d-0bb53881ce69/downloads/kurupojofuxerixutalo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467249/; classtype:trojan-activity;sid:84330349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467250)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/mizibatazikitawejubidodog.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467250/; classtype:trojan-activity;sid:84330350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467251)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/gibabasakofalulizuwa.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467251/; classtype:trojan-activity;sid:84330351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467252)"; flow:established,from_client; content:"GET"; http_method; content:"/adcvds"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.194.157.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467252/; classtype:trojan-activity;sid:84330352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.138.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467238/; classtype:trojan-activity;sid:84330338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467239)"; flow:established,from_client; content:"GET"; http_method; content:"/file/e6123bbf-0063-4480-90e5-fd420a51147a/6718981e-e148-4aa4-9bf4-18515d9493cb.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467239/; classtype:trojan-activity;sid:84330339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467240)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/meravinuvisudome.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467240/; classtype:trojan-activity;sid:84330340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467241)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/64114a94-94a3-4f5d-866a-beee254b955f/downloads/70815730326.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467241/; classtype:trojan-activity;sid:84330341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.151.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467234/; classtype:trojan-activity;sid:84330334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467235)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/86649529175.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467235/; classtype:trojan-activity;sid:84330335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467236)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/nims_703_b_answers.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467236/; classtype:trojan-activity;sid:84330336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467237)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cf660a09-f805-468d-bb57-fa3593615f41/downloads/tojanigawexulametuzuk.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467237/; classtype:trojan-activity;sid:84330337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467230)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bc2ad79b-5832-4a2d-a335-92537db54849/downloads/pinestars_choice.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467230/; classtype:trojan-activity;sid:84330330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467231)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/vupegazezo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467231/; classtype:trojan-activity;sid:84330331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467232)"; flow:established,from_client; content:"GET"; http_method; content:"/files/42499821-5347-4ca4-8c48-80a60c2e45c5/media-planning-and-buying-in-the-21st-century-workbook-3rd-edition-3rd-edition-592.pdf"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467232/; classtype:trojan-activity;sid:84330332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467233/; classtype:trojan-activity;sid:84330333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467221)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/18985117210.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467221/; classtype:trojan-activity;sid:84330321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467222)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/749e61_433cb70fbd7344cdb04af161d846175e.pdf"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"18e7ef82-5c75-44fe-ae22-4c356c2c9ce0.filesusr.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467222/; classtype:trojan-activity;sid:84330322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467223)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/03167ecf-a61c-49ea-b541-7a074a81e1da/downloads/6655537579.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467223/; classtype:trojan-activity;sid:84330323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.72.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467224/; classtype:trojan-activity;sid:84330324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467225)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/41957679215.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467225/; classtype:trojan-activity;sid:84330325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467226)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exemple_de_livret_2_vae_rempli.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467226/; classtype:trojan-activity;sid:84330326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.77.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467227/; classtype:trojan-activity;sid:84330327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467228)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f569f34e-b7af-41eb-9a21-0f9939c54b3f/downloads/64195657437.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467228/; classtype:trojan-activity;sid:84330328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.131.77.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467229/; classtype:trojan-activity;sid:84330329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467220)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/aspen_pims_manual.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467220/; classtype:trojan-activity;sid:84330320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467218/; classtype:trojan-activity;sid:84330318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467219)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/fivojudu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467219/; classtype:trojan-activity;sid:84330319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467210)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/20019605198.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467210/; classtype:trojan-activity;sid:84330310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.2.88"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467211/; classtype:trojan-activity;sid:84330311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467212)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/45706940387.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467212/; classtype:trojan-activity;sid:84330312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467213)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xajuxe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467213/; classtype:trojan-activity;sid:84330313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467214)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/81f7a7ad-d4fe-4147-943f-584c2d1e9bf5/downloads/because_of_mr_terupt_online.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467214/; classtype:trojan-activity;sid:84330314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467215)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/fajupip.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467215/; classtype:trojan-activity;sid:84330315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.68.235.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467216/; classtype:trojan-activity;sid:84330316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467217)"; flow:established,from_client; content:"GET"; http_method; content:"/files/92f45714-2bc7-4a1d-963d-bbc2db290864/25575929868.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467217/; classtype:trojan-activity;sid:84330317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.97.115.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467204/; classtype:trojan-activity;sid:84330304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467205)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/minetest_wiki_commands.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467205/; classtype:trojan-activity;sid:84330305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467206)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/ohanian_physics_volume_1.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467206/; classtype:trojan-activity;sid:84330306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467207)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1c97d706-1093-417b-afec-0c60fc1d8547/downloads/74906999263.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467207/; classtype:trojan-activity;sid:84330307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467208)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/900d123a-2557-4fa9-92f6-1446b602b979/downloads/deporiramuga.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467208/; classtype:trojan-activity;sid:84330308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467209)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/traffic_light_risk_assessment_template_mental_health.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467209/; classtype:trojan-activity;sid:84330309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467201)"; flow:established,from_client; content:"GET"; http_method; content:"/file/096f332a-8eb1-4388-9e17-d73883112e38/9830690d-7b3a-4926-a9ea-f08ad20327c7.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467201/; classtype:trojan-activity;sid:84330301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467202)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/suritotowid.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467202/; classtype:trojan-activity;sid:84330302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.11.118"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467203/; classtype:trojan-activity;sid:84330303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467196)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/41821413009.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467196/; classtype:trojan-activity;sid:84330296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467197/; classtype:trojan-activity;sid:84330297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467198)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5920b318-f137-460b-8d4a-e5b211af3c81/vefiweparurinaruzi.pdf"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467198/; classtype:trojan-activity;sid:84330298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.203.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467199/; classtype:trojan-activity;sid:84330299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467200)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/14312384720.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467200/; classtype:trojan-activity;sid:84330300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467187)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/37654458598.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467187/; classtype:trojan-activity;sid:84330287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467188)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/23776368177.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467188/; classtype:trojan-activity;sid:84330288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467189)"; flow:established,from_client; content:"GET"; http_method; content:"/file/58cee74b-4242-4ffb-af5b-1d74f4a31745/c31ff068-af97-404a-9512-1ce2612649a0.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467189/; classtype:trojan-activity;sid:84330289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467190)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/eb8ff9f7-37bb-4420-bfa0-f018b38dcfa6/downloads/17065535031.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467190/; classtype:trojan-activity;sid:84330290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467191)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/432a6cf0-f63b-4132-8b03-52615cd2c1c3/downloads/41591669011.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467191/; classtype:trojan-activity;sid:84330291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467192)"; flow:established,from_client; content:"GET"; http_method; content:"/file/54e85f7c-9dab-4e65-beea-d89b261ddf4a/54404753091.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467192/; classtype:trojan-activity;sid:84330292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467193)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/2634956565.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467193/; classtype:trojan-activity;sid:84330293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.242.93.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467194/; classtype:trojan-activity;sid:84330294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.9.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467195/; classtype:trojan-activity;sid:84330295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467177)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/437a989b-0a84-4105-b8c7-1870eb56af29/downloads/sbi_disbursement_request_form.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467177/; classtype:trojan-activity;sid:84330277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467178)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/4486981/normal_6005093ad4658.pdf"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"static.s123-cdn-static.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467178/; classtype:trojan-activity;sid:84330278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467179)"; flow:established,from_client; content:"GET"; http_method; content:"/file/06354e74-2b58-49f3-8c60-676e2482dcc9/0bd4a945-ecb7-44f4-884d-eb709f7d002e.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467179/; classtype:trojan-activity;sid:84330279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467180)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/27f26436-44ad-4647-8929-a76a4ea0ea67/downloads/sample_query_letter_for_negligence_of_duty.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467180/; classtype:trojan-activity;sid:84330280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467181)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/sapebufuj.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467181/; classtype:trojan-activity;sid:84330281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.180.186.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467182/; classtype:trojan-activity;sid:84330282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.247.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467183/; classtype:trojan-activity;sid:84330283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467184)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4365da4a-8d29-4708-8e67-b3b566794d83/downloads/fovizijazobupukototofosop.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467184/; classtype:trojan-activity;sid:84330284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467185)"; flow:established,from_client; content:"GET"; http_method; content:"/file/307bab15-ba07-4fd4-bdb4-b3236a1e3e70/27573310072.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467185/; classtype:trojan-activity;sid:84330285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467186)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/93759555539.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467186/; classtype:trojan-activity;sid:84330286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467175)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ligitove.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467175/; classtype:trojan-activity;sid:84330275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467176)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/62404701972.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467176/; classtype:trojan-activity;sid:84330276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467171)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/069f5eef-b21d-41b6-aaa6-569b53af1c5a/downloads/rawidesukusutalunug.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467171/; classtype:trojan-activity;sid:84330271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467172)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d102a54e-7197-4308-a937-d70c58240642/downloads/26442784020.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467172/; classtype:trojan-activity;sid:84330272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467173)"; flow:established,from_client; content:"GET"; http_method; content:"/files/99ee6fe7-c31a-44d9-9a28-74fd67e79f35/relion_thermometer_06429_manual.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467173/; classtype:trojan-activity;sid:84330273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467174)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/4383692/normal_5feebea1eb7b4.pdf"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"static.s123-cdn-static.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467174/; classtype:trojan-activity;sid:84330274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467167)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/83882971503.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467167/; classtype:trojan-activity;sid:84330267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467168)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/modelo_carta_entrega_de_inmueble_word.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467168/; classtype:trojan-activity;sid:84330268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467169)"; flow:established,from_client; content:"GET"; http_method; content:"/files/a12b29f6-2276-4677-8256-5fcea67123a9/download-song-meghan-trainor-better-when-im-dancing-mp3-2-405-mb--mp3-free-download.pdf"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467169/; classtype:trojan-activity;sid:84330269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467170)"; flow:established,from_client; content:"GET"; http_method; content:"/files/d96d271f-9e83-4434-b184-33d0d21f4e85/demovetaxufijomadifabitak.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467170/; classtype:trojan-activity;sid:84330270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467163)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/61905f2a-55dd-4144-8c7c-fce5e91063a8/downloads/british_army_all_arms_tactical_aide_memoire.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467163/; classtype:trojan-activity;sid:84330263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467164)"; flow:established,from_client; content:"GET"; http_method; content:"/file/740637d6-73b5-4fcc-8d22-7d734c657eb2/pozadawugi.pdf"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467164/; classtype:trojan-activity;sid:84330264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.10.251.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467165/; classtype:trojan-activity;sid:84330265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467166)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/rakotojifodonosanilorefa.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467166/; classtype:trojan-activity;sid:84330266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467157)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ec2f808-78a9-4c99-aa80-be96e23bf450/downloads/gewikunobapizati.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467157/; classtype:trojan-activity;sid:84330257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467158)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7dda8154-e680-4c60-8651-19cf13768d49/downloads/jadol.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467158/; classtype:trojan-activity;sid:84330258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.211.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467159/; classtype:trojan-activity;sid:84330259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.18.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467160/; classtype:trojan-activity;sid:84330260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.214.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467161/; classtype:trojan-activity;sid:84330261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467162)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/4428061/normal_5ff192468f8e0.pdf"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"static.s123-cdn-static.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467162/; classtype:trojan-activity;sid:84330262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467154)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/nojivurajojirezizi.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467154/; classtype:trojan-activity;sid:84330254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.72.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467155/; classtype:trojan-activity;sid:84330255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467156)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98571e96-4bd9-4ee2-bb76-481ac550907e/downloads/genebugutisevijuk.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467156/; classtype:trojan-activity;sid:84330256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467148)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/jiwekonuwokesarejibezan.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467148/; classtype:trojan-activity;sid:84330248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467149)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/159e5f7b-5078-45c9-9b36-63f21684101f/downloads/94962104148.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467149/; classtype:trojan-activity;sid:84330249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467150)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9483bc30-bb1c-4c04-9cf3-38d205924dab/downloads/jugilususosu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467150/; classtype:trojan-activity;sid:84330250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467151)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/virapajoridubibakoxofa.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467151/; classtype:trojan-activity;sid:84330251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467152)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/319984769.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467152/; classtype:trojan-activity;sid:84330252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467153)"; flow:established,from_client; content:"GET"; http_method; content:"/file/fcb9589d-b8a6-4c25-8cc8-f6681de84437/367620ee-8cfd-4bbf-9982-538181fd81cf.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467153/; classtype:trojan-activity;sid:84330253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467141)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ef7c8c3e-4582-4a58-bb92-3ce89a66d2b8/66355291114.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467141/; classtype:trojan-activity;sid:84330241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467142)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/makusikarubikowaxosop.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467142/; classtype:trojan-activity;sid:84330242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467143)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/gikuxuze.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467143/; classtype:trojan-activity;sid:84330243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.181.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467144/; classtype:trojan-activity;sid:84330244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467145/; classtype:trojan-activity;sid:84330245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467146)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/voxuba.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467146/; classtype:trojan-activity;sid:84330246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467147)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/wokaselu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467147/; classtype:trojan-activity;sid:84330247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467139)"; flow:established,from_client; content:"GET"; http_method; content:"/files/0d0c208b-cf67-4297-9c4d-6f730dc83dc3/moonwalking-with-einstein-the-art-and-science-of-remembering-everything-285.pdf"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467139/; classtype:trojan-activity;sid:84330239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.255.13.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467140/; classtype:trojan-activity;sid:84330240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467135)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/963d457e-5dea-4a7e-aae8-47aada2a7cc0/downloads/velafeke.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467135/; classtype:trojan-activity;sid:84330235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467136)"; flow:established,from_client; content:"GET"; http_method; content:"/files/f2bc76c3-47f6-420d-8119-2513de4cdfad/62895247613.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467136/; classtype:trojan-activity;sid:84330236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467137)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/97fcff61-ad1b-4591-bfda-ed7d6d6690f0/downloads/49593663309.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467137/; classtype:trojan-activity;sid:84330237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467138)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5e489076-b026-43ca-95da-8c6fe49f6d00/downloads/49103789197.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467138/; classtype:trojan-activity;sid:84330238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467132)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zafekupegagasaza.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467132/; classtype:trojan-activity;sid:84330232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467133)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/55585429936.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467133/; classtype:trojan-activity;sid:84330233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467134)"; flow:established,from_client; content:"GET"; http_method; content:"/file/83c83f15-1f19-4538-8487-2a1f81857e7f/duwikanulevovukipokire.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467134/; classtype:trojan-activity;sid:84330234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467124)"; flow:established,from_client; content:"GET"; http_method; content:"/file/d7420989-c788-46b3-bb9a-431ecb7a68e1/58399450408.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467124/; classtype:trojan-activity;sid:84330224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467125)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/siwevewedelo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467125/; classtype:trojan-activity;sid:84330225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467126)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/fedex_air_waybill_form.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467126/; classtype:trojan-activity;sid:84330226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467127)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d567d1b9-5a9f-4b97-a387-65a7c02f8ff4/downloads/barapinawowaja.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467127/; classtype:trojan-activity;sid:84330227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467128)"; flow:established,from_client; content:"GET"; http_method; content:"/file/53612291-bd08-4d42-85b3-7e1c9d3a47cf/tuxosu.pdf"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467128/; classtype:trojan-activity;sid:84330228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.139.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467129/; classtype:trojan-activity;sid:84330229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.96.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467130/; classtype:trojan-activity;sid:84330230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.45.56.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467131/; classtype:trojan-activity;sid:84330231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467112)"; flow:established,from_client; content:"GET"; http_method; content:"/file/3178a67d-ddf6-4081-8e97-55c583a81922/24248218485.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467112/; classtype:trojan-activity;sid:84330212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.233.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467113/; classtype:trojan-activity;sid:84330213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467114)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/44443741873.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467114/; classtype:trojan-activity;sid:84330214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467115)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/ravibopegaxipodek.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467115/; classtype:trojan-activity;sid:84330215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467116)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/haojue_chopper_road_150_manual.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467116/; classtype:trojan-activity;sid:84330216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467117)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/23c146af-6c5b-426f-944d-9bf55106e4d8/downloads/de_quien_es_hija_elisa_salinas.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467117/; classtype:trojan-activity;sid:84330217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467118)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rewekawejujawidubekafebur.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467118/; classtype:trojan-activity;sid:84330218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467119)"; flow:established,from_client; content:"GET"; http_method; content:"/file/4296a513-2ea4-4905-9809-bca39c0684ec/rajekinasasemokizoneboma.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467119/; classtype:trojan-activity;sid:84330219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467120)"; flow:established,from_client; content:"GET"; http_method; content:"/files/cf3e2242-8316-46d3-98de-1b02467ddbc0/bujixepobawu.pdf"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467120/; classtype:trojan-activity;sid:84330220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467121)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3425f1f9-2741-4cdd-9a85-f51cd8a77838/downloads/pyidaungsu_font_keyboard_layout.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467121/; classtype:trojan-activity;sid:84330221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467122)"; flow:established,from_client; content:"GET"; http_method; content:"/file/b654e430-210e-4d3f-8028-5dba8182e65e/saxugulafovelogov.pdf"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467122/; classtype:trojan-activity;sid:84330222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467123)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/carte_du_voyage_d_ulysse.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467123/; classtype:trojan-activity;sid:84330223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467109)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f11cc6f-a645-4f71-bee4-e3848f35abf2/downloads/livro_domain_driven_design_portugues.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467109/; classtype:trojan-activity;sid:84330209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467110)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kulefenev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467110/; classtype:trojan-activity;sid:84330210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467111)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/lobola_letter_example.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467111/; classtype:trojan-activity;sid:84330211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.180.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467107/; classtype:trojan-activity;sid:84330207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467108)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/acquisition_value_negative_in_area_01_aa617.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467108/; classtype:trojan-activity;sid:84330208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467101)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d8f5bd9b-2c75-4c1f-8d4d-84a7de1d3443/downloads/widavizuxorig.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467101/; classtype:trojan-activity;sid:84330201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467102)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/chris_mccandless_travel_route.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467102/; classtype:trojan-activity;sid:84330202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467103)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/17ef1a7d-be6f-43bc-ac3a-a9c4fb65005e/downloads/powejavatunepoxaj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467103/; classtype:trojan-activity;sid:84330203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467104)"; flow:established,from_client; content:"GET"; http_method; content:"/file/32d24e1c-c6e6-4a08-823e-2f86e373bb60/57b0d771-1da6-4c55-a4a6-847ddd394a30.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467104/; classtype:trojan-activity;sid:84330204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467105)"; flow:established,from_client; content:"GET"; http_method; content:"/file/514f2b90-777c-4f9d-94a1-11bd03e5d5a0/4aea56c4-4911-4d73-bf3e-1ffcaacfe37c.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467105/; classtype:trojan-activity;sid:84330205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467106)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/937a3a5d-28a9-4a6d-983b-63f9d4fe1460/downloads/90328489234.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467106/; classtype:trojan-activity;sid:84330206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467095)"; flow:established,from_client; content:"GET"; http_method; content:"/file/1cd4fb51-dbdc-42ca-bfb9-7f378d5a4536/49459489586.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467095/; classtype:trojan-activity;sid:84330195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467096)"; flow:established,from_client; content:"GET"; http_method; content:"/file/35de4c9c-6b16-43ac-bc06-5e3e4e85b7b8/fugolu.pdf"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467096/; classtype:trojan-activity;sid:84330196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.115.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467097/; classtype:trojan-activity;sid:84330197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467098)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0319bbe-78e1-4446-90fc-2b4b4cc85a3e/downloads/wurowujezodabod.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467098/; classtype:trojan-activity;sid:84330198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467099)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pubobagawu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467099/; classtype:trojan-activity;sid:84330199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467100)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/forest_fire_causes_and_effects.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467100/; classtype:trojan-activity;sid:84330200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467086)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6b07c7a9-24ea-41b4-835a-7daa4871c250/downloads/16_personality_factors_by_cattell.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467086/; classtype:trojan-activity;sid:84330186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467087)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/725aea16-586d-4b26-8216-cd50b4981a76/downloads/wiley_organic_chemistry_solutions_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467087/; classtype:trojan-activity;sid:84330187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467088)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/psicoweb_respuestas_2019.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467088/; classtype:trojan-activity;sid:84330188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467089)"; flow:established,from_client; content:"GET"; http_method; content:"/okami.arm4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.200.78.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467089/; classtype:trojan-activity;sid:84330189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.203.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467090/; classtype:trojan-activity;sid:84330190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467091)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8e32f5a5-6a1a-4ade-b57e-fa54871724ef/downloads/2040244551.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467091/; classtype:trojan-activity;sid:84330191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467092)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/koxisiranarigavod.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467092/; classtype:trojan-activity;sid:84330192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467093)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59d4bc6c-1e33-45d9-a430-f89e52f3f795/downloads/subazituwa.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467093/; classtype:trojan-activity;sid:84330193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467094)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/lettre_promesse_dembauche.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467094/; classtype:trojan-activity;sid:84330194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467080)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/971e893d-d96e-4c35-b8d0-897850ea3ce6/downloads/ice_quarterly_development_report_example.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467080/; classtype:trojan-activity;sid:84330180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467081)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/testigos_tablero_foton.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467081/; classtype:trojan-activity;sid:84330181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467082)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/how_to_get_gst_invoice_for_amazon_purchase.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467082/; classtype:trojan-activity;sid:84330182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467083)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8df58291-e0db-425a-9cda-a9882386ada6/downloads/24365322622.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467083/; classtype:trojan-activity;sid:84330183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467084)"; flow:established,from_client; content:"GET"; http_method; content:"/file/0fff7cb0-d24e-4615-9893-39d53f7987e4/60609716415.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467084/; classtype:trojan-activity;sid:84330184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467085)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4831e354-44dc-4759-9d14-0dd6cfda589f/downloads/91284214985.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467085/; classtype:trojan-activity;sid:84330185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467078)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c5dd25fc-7740-402b-aa70-862b15f3342c/downloads/8958005659.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467078/; classtype:trojan-activity;sid:84330178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467079)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wewofolivofometu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467079/; classtype:trojan-activity;sid:84330179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467072)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/9665669589.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467072/; classtype:trojan-activity;sid:84330172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467073)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/konibaxixim.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467073/; classtype:trojan-activity;sid:84330173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467074)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/20a6346a-1701-43f8-be7d-6426912a09c2/downloads/self_introduction_during_interview_example.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467074/; classtype:trojan-activity;sid:84330174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467075)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ff494cbe-9d2a-4ae4-802e-f50cfad48f0a/downloads/74334894285.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467075/; classtype:trojan-activity;sid:84330175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467076)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a6598ea2-e266-47e1-ba10-b9552e811b79/downloads/example_of_lease_termination_letter_to_landlord.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467076/; classtype:trojan-activity;sid:84330176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467077)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/55534301355.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467077/; classtype:trojan-activity;sid:84330177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467065)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/tevolutirasuvujivol.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467065/; classtype:trojan-activity;sid:84330165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467066)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3f5ecf8d-ba74-430f-ac11-9eb6ace92d02/downloads/73100246338.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467066/; classtype:trojan-activity;sid:84330166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467067)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/earth_making_of_a_planet_national_geographic_worksheet.pdf"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467067/; classtype:trojan-activity;sid:84330167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467068)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exercice_vitesse_6eme_physique.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467068/; classtype:trojan-activity;sid:84330168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467069)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rapport_de_stage_3eme_agence_immobiliere.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467069/; classtype:trojan-activity;sid:84330169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467070)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/bisebinalujivefiwugagabu.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467070/; classtype:trojan-activity;sid:84330170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467071)"; flow:established,from_client; content:"GET"; http_method; content:"/files/412d7e4a-f812-4b21-a355-b8b49d5d3f91/64420095339.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467071/; classtype:trojan-activity;sid:84330171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467064)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/miludafat.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467064/; classtype:trojan-activity;sid:84330164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467061)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ea6e6a77-ad86-47ad-bec1-a500695628d4/downloads/66906319004.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467061/; classtype:trojan-activity;sid:84330161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467062)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b77102f9-1066-4a92-8a14-af011902d081/downloads/75162502331.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467062/; classtype:trojan-activity;sid:84330162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467063)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mapisirukuw.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467063/; classtype:trojan-activity;sid:84330163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.226.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467056/; classtype:trojan-activity;sid:84330156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467057)"; flow:established,from_client; content:"GET"; http_method; content:"/file/d43c418f-704a-4527-a04e-425d4e12dc00/83082529404.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467057/; classtype:trojan-activity;sid:84330157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467058)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/guzupuzuradadutov.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467058/; classtype:trojan-activity;sid:84330158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467059)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/081e0348-3bf0-4a3e-a723-749adc1aa630/downloads/teks_ratib_al_attas.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467059/; classtype:trojan-activity;sid:84330159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467060)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/49693757117.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467060/; classtype:trojan-activity;sid:84330160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467050)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/sabre_red_workspace_commands.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467050/; classtype:trojan-activity;sid:84330150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467051)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6702c9de-d943-4d22-b78e-7985c91f7713/downloads/84525111813.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467051/; classtype:trojan-activity;sid:84330151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467052)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/26bbb7e6-2f83-462e-b1a0-c9b7b5a50d38/downloads/training_needs_assessment_questionnaire_for_sales.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467052/; classtype:trojan-activity;sid:84330152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467053)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/najovozulubameto.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467053/; classtype:trojan-activity;sid:84330153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467054)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/225bb15f-2915-4639-a3a1-bcedb142b1ef/downloads/letter_format_for_reply_to_show_cause_notice.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467054/; classtype:trojan-activity;sid:84330154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467055)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c718f9e1-28ba-4c02-b434-4456f7af09a8/downloads/masizaz.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467055/; classtype:trojan-activity;sid:84330155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467045)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0a1cb9a-d03c-4949-aa70-8624f1f28094/downloads/68698784677.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467045/; classtype:trojan-activity;sid:84330145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467046)"; flow:established,from_client; content:"GET"; http_method; content:"/file/e99ac285-46ea-442f-9f35-5f2fd2847c2d/14821637163.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467046/; classtype:trojan-activity;sid:84330146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467047)"; flow:established,from_client; content:"GET"; http_method; content:"/file/e158face-f6c5-456c-becc-12fc1466f597/temazazaludixuta.pdf"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467047/; classtype:trojan-activity;sid:84330147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.174.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467048/; classtype:trojan-activity;sid:84330148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467049)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/51274200809.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467049/; classtype:trojan-activity;sid:84330149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.119.156.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467043/; classtype:trojan-activity;sid:84330143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467044)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/rolinejagogid.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467044/; classtype:trojan-activity;sid:84330144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.139.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467040/; classtype:trojan-activity;sid:84330140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467041)"; flow:established,from_client; content:"GET"; http_method; content:"/files/64cae09e-8a20-4210-b424-def39ee0626e/nusuxavewezazufomiponifo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467041/; classtype:trojan-activity;sid:84330141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467042)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/buxam.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467042/; classtype:trojan-activity;sid:84330142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467031)"; flow:established,from_client; content:"GET"; http_method; content:"/files/80aba5e9-606b-4cea-8967-716d1e52671b/fuwixutajujatapopadik.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467031/; classtype:trojan-activity;sid:84330131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467032)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6be9a470-c465-4776-ab76-53713c51537a/downloads/nokura.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467032/; classtype:trojan-activity;sid:84330132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467033)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/69da2f53-c229-4dc7-a889-7b67b52b1a78/downloads/nokejafowikazuvojoj.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467033/; classtype:trojan-activity;sid:84330133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.231.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467034/; classtype:trojan-activity;sid:84330134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467035)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e43067a0-6374-4a70-a00d-00ee3b01ce8d/downloads/93917384180.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467035/; classtype:trojan-activity;sid:84330135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.156.30.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467036/; classtype:trojan-activity;sid:84330136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467037)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0336533-680f-4ead-a55e-7e292796b70a/downloads/veteluruxoge.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467037/; classtype:trojan-activity;sid:84330137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467038)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/donk.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467038/; classtype:trojan-activity;sid:84330138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.201.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467039/; classtype:trojan-activity;sid:84330139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467024)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sirijega.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467024/; classtype:trojan-activity;sid:84330124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467025)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5c2804a6-aa9c-48a0-92fa-b4e2830d3e94/downloads/ladakh_tourist_map.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467025/; classtype:trojan-activity;sid:84330125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467026)"; flow:established,from_client; content:"GET"; http_method; content:"/files/a4616af2-940b-412d-87a8-afea7c94dcb6/34761864606.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467026/; classtype:trojan-activity;sid:84330126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467027)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cc5e3c0a-70ce-48cf-a48d-87f83c6b3256/downloads/major_problems_in_african_american_history.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467027/; classtype:trojan-activity;sid:84330127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.143.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467028/; classtype:trojan-activity;sid:84330128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467029)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d38d43db-37ad-45ec-b237-63ac8c84a196/downloads/latovin.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467029/; classtype:trojan-activity;sid:84330129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.120.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467030/; classtype:trojan-activity;sid:84330130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467018)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c10f3982-2d8c-41ef-9c88-95b9c7e0984b/downloads/exagrid_admin_guide.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467018/; classtype:trojan-activity;sid:84330118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467019)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/2880955338.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467019/; classtype:trojan-activity;sid:84330119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467020)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f4350e3-635b-45ba-b69f-b1a7e95f309e/downloads/24638138520.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467020/; classtype:trojan-activity;sid:84330120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.151.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467021/; classtype:trojan-activity;sid:84330121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467022)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/54349718441.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467022/; classtype:trojan-activity;sid:84330122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467023)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/satyanarayan_puja_vidhi_in_sanskrit.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467023/; classtype:trojan-activity;sid:84330123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467016)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/sample_letter_to_be_excused_from_jury_service.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467016/; classtype:trojan-activity;sid:84330116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.162.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467017/; classtype:trojan-activity;sid:84330117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467011)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cf660a09-f805-468d-bb57-fa3593615f41/downloads/vumemaxexepemetesa.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467011/; classtype:trojan-activity;sid:84330111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467012)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/93a7eb93-9eef-4244-8f20-7f48de1f8294/downloads/95493308607.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467012/; classtype:trojan-activity;sid:84330112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467013)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/91589198920.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467013/; classtype:trojan-activity;sid:84330113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467014)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/learn_korean_language_in_30_days.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467014/; classtype:trojan-activity;sid:84330114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467015)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/right_to_information_act_application_form_malayalam.pdf"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467015/; classtype:trojan-activity;sid:84330115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467005)"; flow:established,from_client; content:"GET"; http_method; content:"/file/e06b939d-6198-4867-a691-4e09c4b86bda/ce96161a-0b01-4e03-8cc8-4fb30689218b.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467005/; classtype:trojan-activity;sid:84330105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467006)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zesowafasunufezef.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467006/; classtype:trojan-activity;sid:84330106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.247.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467007/; classtype:trojan-activity;sid:84330107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467008)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8e46fb0c-8d21-4b8c-82fc-88315c96ddde/downloads/bevurusip.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467008/; classtype:trojan-activity;sid:84330108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.176.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467009/; classtype:trojan-activity;sid:84330109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.76.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467010/; classtype:trojan-activity;sid:84330110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.96.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467001/; classtype:trojan-activity;sid:84330101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467002)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09d72da9-ee58-43de-9ce0-8696fa874a10/downloads/zanozibiwakixubunifelok.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467002/; classtype:trojan-activity;sid:84330102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467003)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5d8bfe2e-b91e-431f-9bdc-3f0ea97e388e/downloads/hbc_radiomatic_fse_727_manual.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467003/; classtype:trojan-activity;sid:84330103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.64.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467004/; classtype:trojan-activity;sid:84330104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466999)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e4335d81-d2e5-4638-9638-30640b1be91f/downloads/sofipidegib.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466999/; classtype:trojan-activity;sid:84330099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467000)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/54040f30-acd4-4a4c-a314-5c4c261b537d/downloads/printable_foods_high_in_uric_acid_chart.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467000/; classtype:trojan-activity;sid:84330100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466992)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/15318963311.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466992/; classtype:trojan-activity;sid:84330092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466993)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0f7f4ed-2d7c-4134-aa94-503b1eb6600b/downloads/pagulabomezex.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466993/; classtype:trojan-activity;sid:84330093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466994)"; flow:established,from_client; content:"GET"; http_method; content:"/trabajo27f/27febrero/downloads/sosteff2025.txt"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466994/; classtype:trojan-activity;sid:84330094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.194.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466995/; classtype:trojan-activity;sid:84330095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466996)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/katisugenifikipevas.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466996/; classtype:trojan-activity;sid:84330096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466997)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/xowawetavudazinomo.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466997/; classtype:trojan-activity;sid:84330097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.254.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466998/; classtype:trojan-activity;sid:84330098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466985)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7662afb9-5d02-4eb9-bd3b-6426a66215ee/downloads/2312138967.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466985/; classtype:trojan-activity;sid:84330085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466986)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/evaluation_geographie_6eme_habiter_une_metropole.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466986/; classtype:trojan-activity;sid:84330086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466987)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9441f8ad-6e79-4d4a-9602-3585b1269b7e/downloads/kobumedigudopixemevuwef.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466987/; classtype:trojan-activity;sid:84330087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466988)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/donk.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466988/; classtype:trojan-activity;sid:84330088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466989)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8fc62093-f93e-447d-8e21-b1e235f4d9cc/downloads/vadigoxevujo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466989/; classtype:trojan-activity;sid:84330089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466990)"; flow:established,from_client; content:"GET"; http_method; content:"/file/acd87057-89ba-4d40-9a84-d11d49828c24/d1eefbd4-0057-4c4e-b18e-f8b3c9c22a93.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466990/; classtype:trojan-activity;sid:84330090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466991)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/64414313920.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466991/; classtype:trojan-activity;sid:84330091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466979)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/mizoxuloniwi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466979/; classtype:trojan-activity;sid:84330079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466980)"; flow:established,from_client; content:"GET"; http_method; content:"/files/afb2f868-e7ef-4a77-80da-778e2d0699f6/kabc-ii_nonverbal_interpretation_report.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466980/; classtype:trojan-activity;sid:84330080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.238.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466981/; classtype:trojan-activity;sid:84330081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466982)"; flow:established,from_client; content:"GET"; http_method; content:"/file/a3ea09ad-3f42-4c12-b72d-37095efb713e/3726672088.pdf"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466982/; classtype:trojan-activity;sid:84330082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.180.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466983/; classtype:trojan-activity;sid:84330083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466984)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/66244318284.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466984/; classtype:trojan-activity;sid:84330084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466971)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6cdacb6d-7fbf-4d09-a986-56cdfa4edeb2/downloads/15247939327.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466971/; classtype:trojan-activity;sid:84330071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466972)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/example_of_a_lobola_letter_in_zulu.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466972/; classtype:trojan-activity;sid:84330072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466973)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ea25ddad-ebb0-4880-b714-a3f2cdadcbd9/downloads/notas_de_dinheiro_para_imprimir.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466973/; classtype:trojan-activity;sid:84330073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.12.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466974/; classtype:trojan-activity;sid:84330074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466975)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/606585da-2917-4da6-a9df-810ae6e7fbc1/downloads/asme_sec_8_div_1_appendix_8.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466975/; classtype:trojan-activity;sid:84330075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466976)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/segaxifalawanevake.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466976/; classtype:trojan-activity;sid:84330076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.177.151.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466977/; classtype:trojan-activity;sid:84330077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.234.147.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466978/; classtype:trojan-activity;sid:84330078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466968)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/3d_converter_for_autodesk_navisworks.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466968/; classtype:trojan-activity;sid:84330068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466969)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2c827e54-9a2c-449a-9d97-e20f9555c87a/downloads/pearson_iit_foundation_class_9_maths.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466969/; classtype:trojan-activity;sid:84330069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466970)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d2c6212-591e-450b-b673-947709e569a9/downloads/jidikegegudafipi.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466970/; classtype:trojan-activity;sid:84330070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466964)"; flow:established,from_client; content:"GET"; http_method; content:"/file/e4aaa877-8438-48ce-bcda-26ffe50aa7ec/sedosomusevak.pdf"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466964/; classtype:trojan-activity;sid:84330064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466965)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.119.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466965/; classtype:trojan-activity;sid:84330065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466966)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62bebe3a-24c2-4a56-9b26-65d7a4a8233d/downloads/gupira.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466966/; classtype:trojan-activity;sid:84330066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.58.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466967/; classtype:trojan-activity;sid:84330067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466962)"; flow:established,from_client; content:"GET"; http_method; content:"/okami.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.200.78.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466962/; classtype:trojan-activity;sid:84330062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466963)"; flow:established,from_client; content:"GET"; http_method; content:"/file/4eaad2ad-8916-4dd6-b685-bb3581bc1815/22871674342.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466963/; classtype:trojan-activity;sid:84330063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466958)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/79599984772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466958/; classtype:trojan-activity;sid:84330058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466959)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.darax.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466959/; classtype:trojan-activity;sid:84330059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466960)"; flow:established,from_client; content:"GET"; http_method; content:"/drive/62106.ocx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"70.34.220.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466960/; classtype:trojan-activity;sid:84330060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466961)"; flow:established,from_client; content:"GET"; http_method; content:"/file/5a743d68-f090-4d6e-887a-477ebc1383c3/58892416095.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466961/; classtype:trojan-activity;sid:84330061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466953)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.105.141.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466953/; classtype:trojan-activity;sid:84330053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.44.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466954/; classtype:trojan-activity;sid:84330054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466955)"; flow:established,from_client; content:"GET"; http_method; content:"/files/762003d1-8793-45c6-93d3-a57c879442fe/riba_practical_completion_certificate_template.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466955/; classtype:trojan-activity;sid:84330055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466956/; classtype:trojan-activity;sid:84330056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466957)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/actaris_meter_manual.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466957/; classtype:trojan-activity;sid:84330057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.180.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466945/; classtype:trojan-activity;sid:84330045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466946)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/passaic_county_technical_institute_salary_guide.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466946/; classtype:trojan-activity;sid:84330046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466947)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.73.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466947/; classtype:trojan-activity;sid:84330047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466948)"; flow:established,from_client; content:"GET"; http_method; content:"/file/7654f42c-9e6d-4471-88de-87deca8648b5/lilolef.pdf"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466948/; classtype:trojan-activity;sid:84330048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466949)"; flow:established,from_client; content:"GET"; http_method; content:"/file/a24b80ca-38e4-4655-88ab-28af06c3f1d5/vobiketumuripiz.pdf"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466949/; classtype:trojan-activity;sid:84330049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466950)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0c2227e9-a807-4022-9307-9c68c8629142/downloads/59021495355.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466950/; classtype:trojan-activity;sid:84330050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466951)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3abea8f6-1776-4586-b4e6-47b414d29e30/downloads/mozosadoboligemuwisuwet.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466951/; classtype:trojan-activity;sid:84330051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466952)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/malaysia_company_employee_handbook.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466952/; classtype:trojan-activity;sid:84330052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466936)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.134.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466936/; classtype:trojan-activity;sid:84330036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466937)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/988c0021-e131-496b-8725-ae310052894b/downloads/berakigevep.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466937/; classtype:trojan-activity;sid:84330037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466938)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/87631223928.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466938/; classtype:trojan-activity;sid:84330038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466939)"; flow:established,from_client; content:"GET"; http_method; content:"/wquhobry/dwrkpmgypbhzojdqurqj189.bin"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gj32.online"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466939/; classtype:trojan-activity;sid:84330039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.229.36.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466940/; classtype:trojan-activity;sid:84330040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466941)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/majisumilorenanevivo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466941/; classtype:trojan-activity;sid:84330041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466942)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5e86aff1-4a78-48ac-aae4-1050601cd579/nexadupewirarine.pdf"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466942/; classtype:trojan-activity;sid:84330042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.201.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466943/; classtype:trojan-activity;sid:84330043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466944)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/risukepidupapa.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466944/; classtype:trojan-activity;sid:84330044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466933)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c272bee0-a4e4-45f4-a8ce-0b066973e0cb/downloads/gateman_wk_20_english_manual.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466933/; classtype:trojan-activity;sid:84330033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466934)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/koxid.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466934/; classtype:trojan-activity;sid:84330034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466935)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/sasufazovosonufowam.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466935/; classtype:trojan-activity;sid:84330035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466929)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/6554737977.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466929/; classtype:trojan-activity;sid:84330029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.193.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466930/; classtype:trojan-activity;sid:84330030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466931)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4b7c63a1-8c4d-413e-83dc-2db6954011c6/downloads/42942412664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466931/; classtype:trojan-activity;sid:84330031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466932)"; flow:established,from_client; content:"GET"; http_method; content:"/file/e073a688-e477-4ba8-9556-532b2ae04ab8/gidujopox.pdf"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466932/; classtype:trojan-activity;sid:84330032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466926)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/donk.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466926/; classtype:trojan-activity;sid:84330026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466927)"; flow:established,from_client; content:"GET"; http_method; content:"/files/620caebc-c5a7-4d87-ab2e-e587bc03194c/elizabeth-modeling-dvds.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466927/; classtype:trojan-activity;sid:84330027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466928)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/43589756342.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466928/; classtype:trojan-activity;sid:84330028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466922)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/document-bz102600153.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"625348.na2.to"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466922/; classtype:trojan-activity;sid:84330022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466923)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/juporuko.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466923/; classtype:trojan-activity;sid:84330023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466924)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1d231bc1-15b8-4d3d-b451-c05909392126/downloads/71014366481.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466924/; classtype:trojan-activity;sid:84330024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466925)"; flow:established,from_client; content:"GET"; http_method; content:"/file/c4890fd8-d38b-4d6d-9df7-d824b0530e7c/tazazifunuzowaxopirig.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466925/; classtype:trojan-activity;sid:84330025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466920)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/29389545569.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466920/; classtype:trojan-activity;sid:84330020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.12.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466921/; classtype:trojan-activity;sid:84330021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466914)"; flow:established,from_client; content:"GET"; http_method; content:"/files/faad27e0-3338-4c45-82de-41abe68bac5a/gorojawifesesaj.pdf"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466914/; classtype:trojan-activity;sid:84330014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466915)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fbb7d95c-19ce-4e6b-832c-1ccce7746b31/downloads/jebagokapinezax.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466915/; classtype:trojan-activity;sid:84330015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466916)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/85747587751.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466916/; classtype:trojan-activity;sid:84330016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466917)"; flow:established,from_client; content:"GET"; http_method; content:"/files/42e33a30-e31b-4ca5-b795-dfefd4cc65bd/46790526381.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466917/; classtype:trojan-activity;sid:84330017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466918)"; flow:established,from_client; content:"GET"; http_method; content:"/files/c72b78cc-b638-4d5d-a335-9db45956cd89/effective_writing_a_handbook_for_accountants_11th_edition_free.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466918/; classtype:trojan-activity;sid:84330018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466919)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/ending_a_lease_letter_to_landlord.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466919/; classtype:trojan-activity;sid:84330019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466907)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/donk.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466907/; classtype:trojan-activity;sid:84330007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466908)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/4446494/normal_5fcfa4eb8097f.pdf"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"static.s123-cdn-static.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466908/; classtype:trojan-activity;sid:84330008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466909)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/possession_letter_format_from_builder.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466909/; classtype:trojan-activity;sid:84330009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466910)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/mopuma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466910/; classtype:trojan-activity;sid:84330010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466911)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a618ca0f-2608-47c2-ab22-bbc2ca127bb7/downloads/saziva.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466911/; classtype:trojan-activity;sid:84330011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466912)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/229e00b6-6232-4273-bd27-55f919ca28b8/downloads/financas_corporativas_teoria_e_pratica.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466912/; classtype:trojan-activity;sid:84330012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466913)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/76c40511-888a-4b14-bb65-87429974a9ff/downloads/gemotukuwitawusagulobez.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466913/; classtype:trojan-activity;sid:84330013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466903)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vupenamubow.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466903/; classtype:trojan-activity;sid:84330003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466904)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/10269055308.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466904/; classtype:trojan-activity;sid:84330004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466905)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ab86f22-a419-4e4f-91d4-5a654823f744/downloads/21711123451.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466905/; classtype:trojan-activity;sid:84330005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466906)"; flow:established,from_client; content:"GET"; http_method; content:"/file/236bc409-fd49-4860-b4c9-b1bc468b305e/madekinojaxufufox.pdf"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466906/; classtype:trojan-activity;sid:84330006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466899)"; flow:established,from_client; content:"GET"; http_method; content:"/file/88f4d9aa-8f15-41f0-b40c-8dd8494e2b41/b3e685fd-5478-43ce-9410-de1f9e9d4e0e.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466899/; classtype:trojan-activity;sid:84329999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466900)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/14203617612.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466900/; classtype:trojan-activity;sid:84330000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466901)"; flow:established,from_client; content:"GET"; http_method; content:"/files/99c26874-5395-44d5-8112-74e542bc30d1/95854878677.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466901/; classtype:trojan-activity;sid:84330001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466902)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e4ad6e04-69d1-4aa9-ba9f-c194e0ac5eef/downloads/lotavawofasopupe.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466902/; classtype:trojan-activity;sid:84330002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466898)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/mental_state_examination_checklist.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466898/; classtype:trojan-activity;sid:84329998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.104.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466891/; classtype:trojan-activity;sid:84329991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.0.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466892/; classtype:trojan-activity;sid:84329992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466893)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e5728c18-e5b3-4c69-bf59-a4be42aea8ac/downloads/22515332125.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466893/; classtype:trojan-activity;sid:84329993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466894)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/metso_neles_positioner_manual.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466894/; classtype:trojan-activity;sid:84329994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466895)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/9840498620.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466895/; classtype:trojan-activity;sid:84329995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466896)"; flow:established,from_client; content:"GET"; http_method; content:"/files/328fa0cc-1bc7-4539-b6ab-1ffd6db0dee9/california_well_standards_74-90.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466896/; classtype:trojan-activity;sid:84329996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466897)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3fffd8a4-4d1d-42f8-a3e8-f124f6724c06/downloads/kejawisenukasi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466897/; classtype:trojan-activity;sid:84329997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466884)"; flow:established,from_client; content:"GET"; http_method; content:"/file/2909de7c-df30-4617-83fe-350602296a8d/kekulimasij.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466884/; classtype:trojan-activity;sid:84329984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466885)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/72065953692.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466885/; classtype:trojan-activity;sid:84329985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.119.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466886/; classtype:trojan-activity;sid:84329986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.238.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466887/; classtype:trojan-activity;sid:84329987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.196.29.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466888/; classtype:trojan-activity;sid:84329988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.112.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466889/; classtype:trojan-activity;sid:84329989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466890)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ecb10a4-49e9-4fe5-a6bc-f0f227949dd2/downloads/60627448414.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466890/; classtype:trojan-activity;sid:84329990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466879)"; flow:established,from_client; content:"GET"; http_method; content:"/file/91abf9b0-1f26-49f4-b662-3cdd241b8026/sexotivitakinibub.pdf"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466879/; classtype:trojan-activity;sid:84329979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466880)"; flow:established,from_client; content:"GET"; http_method; content:"/jew.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.148.10.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466880/; classtype:trojan-activity;sid:84329980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466881)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/ramevedasap.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466881/; classtype:trojan-activity;sid:84329981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466882)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fbb7d95c-19ce-4e6b-832c-1ccce7746b31/downloads/67882203250.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466882/; classtype:trojan-activity;sid:84329982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.174.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466883/; classtype:trojan-activity;sid:84329983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466877)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/df312c7d-f650-4c0e-a98f-02aee1a43694/downloads/77125885812.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466877/; classtype:trojan-activity;sid:84329977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.50.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466878/; classtype:trojan-activity;sid:84329978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466864)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37e9011-77af-43eb-9e7b-dd6853450512/downloads/27721436213.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466864/; classtype:trojan-activity;sid:84329964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.244.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466865/; classtype:trojan-activity;sid:84329965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466866)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6abf7f7e-d12c-48f3-aa9a-703f4ccff8d7/downloads/81403469667.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466866/; classtype:trojan-activity;sid:84329966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466867)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.11.212.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466867/; classtype:trojan-activity;sid:84329967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.82.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466868/; classtype:trojan-activity;sid:84329968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466869)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zikirifusotuxusomel.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466869/; classtype:trojan-activity;sid:84329969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466870)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/antibiotic_sensitivity_chart_sanford_guide.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466870/; classtype:trojan-activity;sid:84329970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.44.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466871/; classtype:trojan-activity;sid:84329971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466872)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c8a6489-894f-4446-8722-19ef31b6a173/downloads/26803015720.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466872/; classtype:trojan-activity;sid:84329972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466873)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4d2b55bf-cda3-4071-bf2e-8c27282b789f/downloads/chambre_de_tirage_telecom.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466873/; classtype:trojan-activity;sid:84329973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.53.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466874/; classtype:trojan-activity;sid:84329974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466875)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48283c5b-b198-4860-9bf9-7f30a2f8146b/downloads/10387443769.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466875/; classtype:trojan-activity;sid:84329975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466876)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zasuporuxumuza.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466876/; classtype:trojan-activity;sid:84329976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466861)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d0a6e54-c95b-4e67-871e-882f39f9c203/downloads/77235011630.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466861/; classtype:trojan-activity;sid:84329961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466862/; classtype:trojan-activity;sid:84329962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466863)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/luvuges.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466863/; classtype:trojan-activity;sid:84329963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466857)"; flow:established,from_client; content:"GET"; http_method; content:"/file/76b02533-6ebc-4909-95c7-e04ec4dca417/mogokowetazujokizagasijad.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466857/; classtype:trojan-activity;sid:84329957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466858)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tovidesukowoxam.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466858/; classtype:trojan-activity;sid:84329958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466859)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a5a93100-d349-4291-8bce-18547efeb268/downloads/14773335318.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466859/; classtype:trojan-activity;sid:84329959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466860)"; flow:established,from_client; content:"GET"; http_method; content:"/file/a2a55273-3507-4128-8b6e-5245d44d7a21/47211029252.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466860/; classtype:trojan-activity;sid:84329960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.165.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466854/; classtype:trojan-activity;sid:84329954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.186.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466855/; classtype:trojan-activity;sid:84329955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466856)"; flow:established,from_client; content:"GET"; http_method; content:"/files/69fc98d3-bcf8-4169-8b2a-d2de5ddb6de7/vasogibajuw.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466856/; classtype:trojan-activity;sid:84329956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466845)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62bebe3a-24c2-4a56-9b26-65d7a4a8233d/downloads/xijawef.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466845/; classtype:trojan-activity;sid:84329945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466846)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a6301bc9-fbf1-4861-936b-8ce401d46d09/downloads/non_renewal_of_contract_letter_sample.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466846/; classtype:trojan-activity;sid:84329946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466847)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98fd26ea-5c50-4ebf-945e-7ed158ebe1b6/downloads/75925905792.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466847/; classtype:trojan-activity;sid:84329947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466848)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/561eb1da-cbac-4811-84b8-e841d63e56cb/downloads/fomogivazugararux.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466848/; classtype:trojan-activity;sid:84329948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466849)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3ccd9234-721c-480b-91a1-84bae34c2069/downloads/votudomafuze.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466849/; classtype:trojan-activity;sid:84329949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466850)"; flow:established,from_client; content:"GET"; http_method; content:"/file/f1542a1d-f77d-4e57-b82e-43524f376ac3/mujimuji.pdf"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466850/; classtype:trojan-activity;sid:84329950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466851)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ed3e7e73-6deb-4ec1-95e4-868a6659fe93/downloads/manning_guide_hotel_sample.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466851/; classtype:trojan-activity;sid:84329951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466852)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/45596981954.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466852/; classtype:trojan-activity;sid:84329952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466853)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tilovapexof.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466853/; classtype:trojan-activity;sid:84329953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466837)"; flow:established,from_client; content:"GET"; http_method; content:"/file/e1d78bef-e2f6-4f21-a1ca-43ca051c500a/d2b6676d-fc46-4a9a-ac9e-d70b37396034.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466837/; classtype:trojan-activity;sid:84329937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466838)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/najufijirubedejalu.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466838/; classtype:trojan-activity;sid:84329938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466839)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/ludejawirusoxodofe.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466839/; classtype:trojan-activity;sid:84329939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466840)"; flow:established,from_client; content:"GET"; http_method; content:"/file/6666768f-a52f-479a-9285-f821d20ed1c5/3ce3c2df-679f-4680-99aa-b1bae89bb302.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466840/; classtype:trojan-activity;sid:84329940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466841)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8481709d-06fb-4f3b-a45a-5bd729c90984/conagher-507.pdf"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466841/; classtype:trojan-activity;sid:84329941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.36.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466842/; classtype:trojan-activity;sid:84329942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466843)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/4959938645.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466843/; classtype:trojan-activity;sid:84329943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.104.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466844/; classtype:trojan-activity;sid:84329944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466834)"; flow:established,from_client; content:"GET"; http_method; content:"/file/3157c725-9a49-4e63-9e8a-d016fee15283/pipopud.pdf"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466834/; classtype:trojan-activity;sid:84329934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466835)"; flow:established,from_client; content:"GET"; http_method; content:"/file/bf59fdca-2aa4-42cd-a919-882bb7bc6f2c/29827870037.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466835/; classtype:trojan-activity;sid:84329935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466836)"; flow:established,from_client; content:"GET"; http_method; content:"/file/f5c18db8-9260-49d7-8078-1edeea3b9cf4/00b00c27-5fc7-4e3f-ae89-c66df11fee99.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466836/; classtype:trojan-activity;sid:84329936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466832)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/52e9408f-c536-4a35-bd81-6078a5dce549/downloads/98085965001.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466832/; classtype:trojan-activity;sid:84329932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466833)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dasuxugolod.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466833/; classtype:trojan-activity;sid:84329933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466826)"; flow:established,from_client; content:"GET"; http_method; content:"/file/d71aa6b0-95bf-4899-bd03-af6df24aeb39/8b46dd88-56c7-44bb-bfba-54f1cb76aa53.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466826/; classtype:trojan-activity;sid:84329926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466827)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/attestation_de_non_affiliation_cnas_algerie.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466827/; classtype:trojan-activity;sid:84329927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466828)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/vw_gehaltstabelle_2022.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466828/; classtype:trojan-activity;sid:84329928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466829)"; flow:established,from_client; content:"GET"; http_method; content:"/vvglma"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.194.157.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466829/; classtype:trojan-activity;sid:84329929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466830)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nidugapageru.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466830/; classtype:trojan-activity;sid:84329930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466831)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6f33080-7dde-4e51-88ef-59c9fd931fca/downloads/latoletevuwogerovug.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466831/; classtype:trojan-activity;sid:84329931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466817)"; flow:established,from_client; content:"GET"; http_method; content:"/file/b820df61-485b-4968-a051-ba7a4ed3c7b3/3907630768.pdf"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466817/; classtype:trojan-activity;sid:84329917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466818)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/40119004199.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466818/; classtype:trojan-activity;sid:84329918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466819/; classtype:trojan-activity;sid:84329919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.98.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466820/; classtype:trojan-activity;sid:84329920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466821)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/donk.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466821/; classtype:trojan-activity;sid:84329921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466822)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d128fcda-7fcc-4d89-85b3-e79c54d4414e/downloads/talivejo.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466822/; classtype:trojan-activity;sid:84329922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466823)"; flow:established,from_client; content:"GET"; http_method; content:"/file/6ca776f4-728c-4ada-ac0c-3a50795c5461/raratijazovazezakulokosa.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466823/; classtype:trojan-activity;sid:84329923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466824)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/ansul_piranha_system_installation_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466824/; classtype:trojan-activity;sid:84329924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466825)"; flow:established,from_client; content:"GET"; http_method; content:"/files/c6544197-e0cb-4715-912a-71badcb3c305/10446473576.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466825/; classtype:trojan-activity;sid:84329925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.116.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466809/; classtype:trojan-activity;sid:84329909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.35.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466810/; classtype:trojan-activity;sid:84329910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.135.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466811/; classtype:trojan-activity;sid:84329911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466812)"; flow:established,from_client; content:"GET"; http_method; content:"/file/07d68bb3-a625-447a-8b28-87490673e7f8/52370747806.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466812/; classtype:trojan-activity;sid:84329912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466813)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/scada_system_architecture.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466813/; classtype:trojan-activity;sid:84329913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466814)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/63541235931.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466814/; classtype:trojan-activity;sid:84329914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.193.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466815/; classtype:trojan-activity;sid:84329915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466816)"; flow:established,from_client; content:"GET"; http_method; content:"/files/432a12dd-d23b-4b3d-8e0d-aef3b7eec032/58598667338.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466816/; classtype:trojan-activity;sid:84329916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466802)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/gaylord_texan_hotel_map.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466802/; classtype:trojan-activity;sid:84329902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466803)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/laxokuzigurebudisinatonu.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466803/; classtype:trojan-activity;sid:84329903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466804)"; flow:established,from_client; content:"GET"; http_method; content:"/file/613c27a7-a1a5-4819-91c9-f5dfb148968b/fevavukebudemegiwajuba.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466804/; classtype:trojan-activity;sid:84329904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466805)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09d72da9-ee58-43de-9ce0-8696fa874a10/downloads/kojutaz.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466805/; classtype:trojan-activity;sid:84329905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.80.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466806/; classtype:trojan-activity;sid:84329906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.135.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466807/; classtype:trojan-activity;sid:84329907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466808)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/civil_engineer_experience_certificate_word_format.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466808/; classtype:trojan-activity;sid:84329908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466799)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/55d28ff0-9d0b-42b4-8190-887f90038148/downloads/gimisomogaro.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466799/; classtype:trojan-activity;sid:84329899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466800)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/950f7924-fa6b-44be-bda3-22eaf526f43f/downloads/how_to_write_a_letter_to_society_for_car_parking.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466800/; classtype:trojan-activity;sid:84329900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466801)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78dac1c1-e6f9-4066-ad39-7cbcdc39e651/downloads/93448099882.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466801/; classtype:trojan-activity;sid:84329901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466793)"; flow:established,from_client; content:"GET"; http_method; content:"/qvmxvl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.194.157.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466793/; classtype:trojan-activity;sid:84329893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466794)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/payment_under_protest_letter_sample.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466794/; classtype:trojan-activity;sid:84329894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466795)"; flow:established,from_client; content:"GET"; http_method; content:"/file/de58bdc3-7e9b-4fb2-b570-9c648dff6df7/91765407934.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466795/; classtype:trojan-activity;sid:84329895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466796)"; flow:established,from_client; content:"GET"; http_method; content:"/file/04a00391-7f21-42b6-a059-1bf5367b63fb/35693380172.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466796/; classtype:trojan-activity;sid:84329896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466797)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/43447829480.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466797/; classtype:trojan-activity;sid:84329897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466798)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/97374790135.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466798/; classtype:trojan-activity;sid:84329898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466788)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/71423402684.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466788/; classtype:trojan-activity;sid:84329888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.200.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466789/; classtype:trojan-activity;sid:84329889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466790)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5c9ed0ab-abf7-4895-9a79-d81e87aed60a/downloads/nezumizegorazulamalit.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466790/; classtype:trojan-activity;sid:84329890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466791)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a4c519f1-5301-485e-9e9c-56d1397df289/downloads/79371210580.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466791/; classtype:trojan-activity;sid:84329891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466792)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kekososiwixokaz.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466792/; classtype:trojan-activity;sid:84329892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466778)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/14889765830.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466778/; classtype:trojan-activity;sid:84329878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466779)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rikisiwudepelapopazi.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466779/; classtype:trojan-activity;sid:84329879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.120.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466780/; classtype:trojan-activity;sid:84329880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466781)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/boriwivamafegujiser.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466781/; classtype:trojan-activity;sid:84329881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466782)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/seaworld_donation_request_orlando.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466782/; classtype:trojan-activity;sid:84329882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.226.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466783/; classtype:trojan-activity;sid:84329883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466784)"; flow:established,from_client; content:"GET"; http_method; content:"/file/daaed010-2523-45d1-bf4c-17cfb66f162c/3ff6d03e-59c1-48fe-8741-0d16ea6313d5.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466784/; classtype:trojan-activity;sid:84329884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466785)"; flow:established,from_client; content:"GET"; http_method; content:"/file/c423b818-b8cb-4977-b5c6-19aef85bbb27/66775733687.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466785/; classtype:trojan-activity;sid:84329885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466786)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/schumacher_battery_charger_parts_se-4022.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466786/; classtype:trojan-activity;sid:84329886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466787)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d83328cf-50de-409a-9bf6-de7a48f66ed6/downloads/40650293844.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466787/; classtype:trojan-activity;sid:84329887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.156.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466776/; classtype:trojan-activity;sid:84329876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466777)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/ap_cm_relief_fund_application_process.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466777/; classtype:trojan-activity;sid:84329877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466768)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/narigokukeminozitema.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466768/; classtype:trojan-activity;sid:84329868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.143.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466769/; classtype:trojan-activity;sid:84329869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466770)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/32231114245.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466770/; classtype:trojan-activity;sid:84329870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466771)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa0b65d5-8cfc-4875-922a-b490488b42be/downloads/schmersal_de-_42279_datasheet.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466771/; classtype:trojan-activity;sid:84329871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466772)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/checklist_format_for_housekeeping_in_hospital.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466772/; classtype:trojan-activity;sid:84329872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466773)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/91812224211.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466773/; classtype:trojan-activity;sid:84329873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466774)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/rizepigarebovubugebo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466774/; classtype:trojan-activity;sid:84329874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466775)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/kawopixar.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466775/; classtype:trojan-activity;sid:84329875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.84.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466765/; classtype:trojan-activity;sid:84329865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466766)"; flow:established,from_client; content:"GET"; http_method; content:"/files/d6daca3c-d151-4a63-80a7-d8fc0f846138/rivisevama.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466766/; classtype:trojan-activity;sid:84329866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466767)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/58311665155.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466767/; classtype:trojan-activity;sid:84329867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466763)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/93503353547.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466763/; classtype:trojan-activity;sid:84329863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466764)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6974f1eb-71bf-4f90-8572-d8ac4e4f765d/downloads/wazakovefonetak.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466764/; classtype:trojan-activity;sid:84329864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466757)"; flow:established,from_client; content:"GET"; http_method; content:"/files/15d1d20b-bd19-4462-ab9b-100c194db7ba/95895431258.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466757/; classtype:trojan-activity;sid:84329857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466758)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9978fe41-dbcb-4b88-8a80-a839de3f86b5/downloads/42576721881.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466758/; classtype:trojan-activity;sid:84329858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466759)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/73769466656.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466759/; classtype:trojan-activity;sid:84329859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.179.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466760/; classtype:trojan-activity;sid:84329860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466761)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/suvuraxelikubok.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466761/; classtype:trojan-activity;sid:84329861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466762)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e09336e-0817-489c-96db-d43d5fd51fc4/downloads/i9_birth_certificate_example.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466762/; classtype:trojan-activity;sid:84329862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466749)"; flow:established,from_client; content:"GET"; http_method; content:"/file/4406c861-8cce-4413-be16-370c75d67035/65c3b966-e0bb-4c84-b12d-d22252b9667e.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466749/; classtype:trojan-activity;sid:84329849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466750)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/stromer_st1_owners_manual.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466750/; classtype:trojan-activity;sid:84329850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466751)"; flow:established,from_client; content:"GET"; http_method; content:"/file/01466f9a-ed9b-43a3-b6f0-b8f75d840c51/24287626956.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466751/; classtype:trojan-activity;sid:84329851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466752)"; flow:established,from_client; content:"GET"; http_method; content:"/file/d834b5d9-fab6-47bb-9beb-8e46100f7320/28088978223.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466752/; classtype:trojan-activity;sid:84329852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466753)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/7215421885.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466753/; classtype:trojan-activity;sid:84329853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466754)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/37979647215.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466754/; classtype:trojan-activity;sid:84329854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466755)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af0be9d0-b995-4f2a-8f66-25f04f50db42/downloads/tejovejujepotobafoba.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466755/; classtype:trojan-activity;sid:84329855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466756)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/43947647531.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466756/; classtype:trojan-activity;sid:84329856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.226.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466746/; classtype:trojan-activity;sid:84329846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466747)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/97640682614.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466747/; classtype:trojan-activity;sid:84329847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466748)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ec5b631-127b-4a5e-84ff-7de19674a208/downloads/daxukipavibipukoj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466748/; classtype:trojan-activity;sid:84329848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.99.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466739/; classtype:trojan-activity;sid:84329839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466740)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/66a9f463-0ae0-4403-bef2-3061bb9e36ef/downloads/rate_list_of_test_in_dr.lal_pathlabs.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466740/; classtype:trojan-activity;sid:84329840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466741)"; flow:established,from_client; content:"GET"; http_method; content:"/file/16939205-0ae1-4070-9408-12fe84c09f99/zetikoxogurup.pdf"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466741/; classtype:trojan-activity;sid:84329841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466742)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c8939508-8a93-4f90-8b11-ddca3342e83a/downloads/4803379677.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466742/; classtype:trojan-activity;sid:84329842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.128.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466743/; classtype:trojan-activity;sid:84329843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466744)"; flow:established,from_client; content:"GET"; http_method; content:"/file/e6112e62-980c-476b-b2e4-211915946e64/69503964927.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466744/; classtype:trojan-activity;sid:84329844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466745)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/taski_procarpet_45_manual.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466745/; classtype:trojan-activity;sid:84329845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466738)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gomik.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466738/; classtype:trojan-activity;sid:84329838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466736)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ef27ce0e-c911-4d37-baad-bea065e796b8/downloads/kirekafusofo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466736/; classtype:trojan-activity;sid:84329836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466737)"; flow:established,from_client; content:"GET"; http_method; content:"/files/9a92fa40-82e7-4e22-a3c3-15e37324571a/pmp_flash_cards_free_download.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466737/; classtype:trojan-activity;sid:84329837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466732)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wiremabodopigotaf.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466732/; classtype:trojan-activity;sid:84329832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466733)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/67856105857.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466733/; classtype:trojan-activity;sid:84329833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466734)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af0be9d0-b995-4f2a-8f66-25f04f50db42/downloads/rubetugetafapojopodibom.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466734/; classtype:trojan-activity;sid:84329834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466735)"; flow:established,from_client; content:"GET"; http_method; content:"/okami.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.200.78.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466735/; classtype:trojan-activity;sid:84329835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.212.120.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466722/; classtype:trojan-activity;sid:84329822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.187.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466723/; classtype:trojan-activity;sid:84329823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466724)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/3048437595.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466724/; classtype:trojan-activity;sid:84329824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466725)"; flow:established,from_client; content:"GET"; http_method; content:"/file/d2e52a06-f171-45b0-a514-5fdbbf9a6478/pemadulepodisi.pdf"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466725/; classtype:trojan-activity;sid:84329825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466726)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cc370600-8080-4216-8e6c-52a7f34eeccf/downloads/iso_weld_symbols_chart.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466726/; classtype:trojan-activity;sid:84329826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466727)"; flow:established,from_client; content:"GET"; http_method; content:"/file/8cdca16f-e4e1-4310-83ba-fbe0b3757078/3b46be51-f80c-4bfb-b725-1d927c5f153b.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466727/; classtype:trojan-activity;sid:84329827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466728)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/47b969d8-0664-43a5-a1cb-4ec8411e9eef/downloads/powerflex_755_user_manual_espanol.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466728/; classtype:trojan-activity;sid:84329828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466729)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7539d3e4-198a-4c91-addc-38e6066bfe55/downloads/2305786492.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466729/; classtype:trojan-activity;sid:84329829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466730)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/kangwon_land_inc_annual_report.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466730/; classtype:trojan-activity;sid:84329830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466731)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c0bdcf4-6f9c-40c3-8219-8cbbbcfb4026/downloads/wanigukanewalew.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466731/; classtype:trojan-activity;sid:84329831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.80.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466714/; classtype:trojan-activity;sid:84329814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466715)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/watiwime.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466715/; classtype:trojan-activity;sid:84329815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466716)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/638993752.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466716/; classtype:trojan-activity;sid:84329816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466717)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/milagetuxinofu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466717/; classtype:trojan-activity;sid:84329817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.84.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466718/; classtype:trojan-activity;sid:84329818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466719)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/51295545026.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466719/; classtype:trojan-activity;sid:84329819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466720)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xezumiriruko.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466720/; classtype:trojan-activity;sid:84329820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466721)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/cleavage_front_row_amy_measurements.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466721/; classtype:trojan-activity;sid:84329821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466708)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/diamond_sieve_chart.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466708/; classtype:trojan-activity;sid:84329808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466709)"; flow:established,from_client; content:"GET"; http_method; content:"/okami.i586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.200.78.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466709/; classtype:trojan-activity;sid:84329809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466710)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09b152c4-bf66-44a7-8224-2992cea3ed0a/downloads/sample_indian_renunciation_form.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466710/; classtype:trojan-activity;sid:84329810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466711)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/pelebesepasirokirefukew.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466711/; classtype:trojan-activity;sid:84329811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466712)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/455fd801-8453-4cfe-b6ee-1af9e2a627f6/downloads/7558215776.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466712/; classtype:trojan-activity;sid:84329812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466713)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e262bb3c-3205-4bb6-954b-f565479d59e0/downloads/50787175728.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466713/; classtype:trojan-activity;sid:84329813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466706)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/rotem_sigma_user_manual.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466706/; classtype:trojan-activity;sid:84329806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466707)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.vykyv.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466707/; classtype:trojan-activity;sid:84329807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466704)"; flow:established,from_client; content:"GET"; http_method; content:"/file/3ad8c125-9a49-445f-a22b-09e5a4e6749f/a4604145-ac87-4aad-af8e-bc809b32e43a.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466704/; classtype:trojan-activity;sid:84329804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466705)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/lista_de_verbos_em_italiano.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466705/; classtype:trojan-activity;sid:84329805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.129.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466699/; classtype:trojan-activity;sid:84329799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.145.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466700/; classtype:trojan-activity;sid:84329800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466701)"; flow:established,from_client; content:"GET"; http_method; content:"/files/584b927c-b72a-4406-a766-0a4ab2d2ccc5/60831220385.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466701/; classtype:trojan-activity;sid:84329801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466702)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a580c741-29a0-435a-a011-6aa538a5edae/downloads/25870917787.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466702/; classtype:trojan-activity;sid:84329802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466703)"; flow:established,from_client; content:"GET"; http_method; content:"/file/d0f7ce41-0859-4a6f-8c9e-d5fd6df825f6/vogesomipekixiwin.pdf"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466703/; classtype:trojan-activity;sid:84329803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.82.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466692/; classtype:trojan-activity;sid:84329792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466693)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.43.237.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466693/; classtype:trojan-activity;sid:84329793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466694)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/siwetofulugo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466694/; classtype:trojan-activity;sid:84329794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466695)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0739216d-b619-42bb-83b4-7432b4331862/downloads/26798739628.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466695/; classtype:trojan-activity;sid:84329795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466696)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/23513409250.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466696/; classtype:trojan-activity;sid:84329796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466697)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/the_long_dark_crumbling_highway_map.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466697/; classtype:trojan-activity;sid:84329797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466698)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2eabcd0a-1fbf-48aa-8399-71392232a891/downloads/92332863676.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466698/; classtype:trojan-activity;sid:84329798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466682)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c633c3b-7c73-43a9-a161-0e7459f617b4/downloads/popajuzokovuluboz.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466682/; classtype:trojan-activity;sid:84329782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.36.146.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466683/; classtype:trojan-activity;sid:84329783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466684)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4b7c63a1-8c4d-413e-83dc-2db6954011c6/downloads/6759358871.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466684/; classtype:trojan-activity;sid:84329784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.9.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466685/; classtype:trojan-activity;sid:84329785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466686)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41809607-5bd4-4a52-8a62-530dfb6fcdd7/downloads/gelumoxosudasikaxo.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466686/; classtype:trojan-activity;sid:84329786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466687)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/47722224691.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466687/; classtype:trojan-activity;sid:84329787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466688)"; flow:established,from_client; content:"GET"; http_method; content:"/file/06fb15e4-4327-4766-8bf7-d76e2e134b5c/69517624213.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466688/; classtype:trojan-activity;sid:84329788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466689)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/57326063662.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466689/; classtype:trojan-activity;sid:84329789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466690)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8aa13dbf-c0c5-4fe7-ae15-62e5c33a20e4/downloads/hewlett-packard_18e7_motherboard_specs.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466690/; classtype:trojan-activity;sid:84329790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466691)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/porebejotenojudud.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466691/; classtype:trojan-activity;sid:84329791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466680)"; flow:established,from_client; content:"GET"; http_method; content:"/file/a2fcdb32-f724-434c-b1cd-b1f61360d9e4/27628974287.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466680/; classtype:trojan-activity;sid:84329780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466681)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/duff_and_phelps_size_premium_2022.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466681/; classtype:trojan-activity;sid:84329781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466674)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pass_the_pigs_scoring_sheet.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466674/; classtype:trojan-activity;sid:84329774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.83.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466675/; classtype:trojan-activity;sid:84329775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.188.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466676/; classtype:trojan-activity;sid:84329776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.252.196.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466677/; classtype:trojan-activity;sid:84329777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.181.146.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466678/; classtype:trojan-activity;sid:84329778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466679)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ae40ccb-f0fa-4b6b-bfcc-06032a30498c/downloads/logical_thinking_worksheets_for_kindergarten.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466679/; classtype:trojan-activity;sid:84329779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.107.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466672/; classtype:trojan-activity;sid:84329772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.0.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466673/; classtype:trojan-activity;sid:84329773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466670)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/151743582.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466670/; classtype:trojan-activity;sid:84329770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466671)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/13792310994.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466671/; classtype:trojan-activity;sid:84329771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466666)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/cessna_172_instrument_panel_layout.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466666/; classtype:trojan-activity;sid:84329766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466667)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/24459864622.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466667/; classtype:trojan-activity;sid:84329767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.18.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466668/; classtype:trojan-activity;sid:84329768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466669)"; flow:established,from_client; content:"GET"; http_method; content:"/file/7b570e0a-5c6f-4632-92f8-427718116647/8fa4a45a-39ba-4faa-997c-a1daa531a39f.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466669/; classtype:trojan-activity;sid:84329769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.64.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466656/; classtype:trojan-activity;sid:84329756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.234.177.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466657/; classtype:trojan-activity;sid:84329757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466658)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c0bdcf4-6f9c-40c3-8219-8cbbbcfb4026/downloads/10451479360.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466658/; classtype:trojan-activity;sid:84329758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466659)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/sap_fico_cutover_activities.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466659/; classtype:trojan-activity;sid:84329759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.82.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466660/; classtype:trojan-activity;sid:84329760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.71.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466661/; classtype:trojan-activity;sid:84329761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466662)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/98444125074.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466662/; classtype:trojan-activity;sid:84329762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466663)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/686c0a2e-9a90-4936-9f96-7d72f3c65f03/downloads/54960661120.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466663/; classtype:trojan-activity;sid:84329763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466664)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/3262231356.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466664/; classtype:trojan-activity;sid:84329764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466665)"; flow:established,from_client; content:"GET"; http_method; content:"/fwdfvf"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.194.157.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466665/; classtype:trojan-activity;sid:84329765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466647)"; flow:established,from_client; content:"GET"; http_method; content:"/files/48abcf9e-0b21-4238-8d78-3ebbf800a93e/nokil.pdf"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466647/; classtype:trojan-activity;sid:84329747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466648)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/livro_pesquisa_bibliografica.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466648/; classtype:trojan-activity;sid:84329748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.10.13"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466649/; classtype:trojan-activity;sid:84329749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466650)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/37ff6e83-e399-4f09-b7f3-13b9438039c2/downloads/54456550535.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466650/; classtype:trojan-activity;sid:84329750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466651)"; flow:established,from_client; content:"GET"; http_method; content:"/file/2f1d7a54-0281-4ce5-8a4b-4f7d0a3429f4/26400833026.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466651/; classtype:trojan-activity;sid:84329751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466652)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/request_letter_format_in_marathi_language.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466652/; classtype:trojan-activity;sid:84329752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466653)"; flow:established,from_client; content:"GET"; http_method; content:"/file/28421009-b919-40b2-a899-3d9054ec93e4/puvuranesifigux.pdf"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466653/; classtype:trojan-activity;sid:84329753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.253.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466654/; classtype:trojan-activity;sid:84329754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466655)"; flow:established,from_client; content:"GET"; http_method; content:"/file/79079200-d1b4-4024-9f62-36e242ece1fd/27090478145.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466655/; classtype:trojan-activity;sid:84329755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466645)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5809a244-7d90-46f4-9de4-ee86dda3a2de/downloads/evaluation_emc_6eme_devenir_collegien.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466645/; classtype:trojan-activity;sid:84329745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466646)"; flow:established,from_client; content:"GET"; http_method; content:"/files/acf8afa7-8967-4cb8-8178-f7fa2b9e547a/frustration-aggression_theory.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466646/; classtype:trojan-activity;sid:84329746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466640)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dd809168-aa55-4437-9a0e-42447fbc16fd/downloads/22731947285.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466640/; classtype:trojan-activity;sid:84329740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466641)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/hypothecation_cancellation_request_letter_format.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466641/; classtype:trojan-activity;sid:84329741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466642)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/182ae1b8-0b64-4790-be7b-698d5e8b3d57/downloads/gidatigexapufalumiwolagad.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466642/; classtype:trojan-activity;sid:84329742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466643)"; flow:established,from_client; content:"GET"; http_method; content:"/file/6d7202e1-15ae-48b3-bf82-0aba0ce55453/soweta.pdf"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466643/; classtype:trojan-activity;sid:84329743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466644)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ab61a1cc-7fbd-4bf2-b976-084e681e13c8/3c5412e7-112e-4402-baca-2a98eda5b5d2.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466644/; classtype:trojan-activity;sid:84329744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466634)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/aocs_official_method_ce_1b_89.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466634/; classtype:trojan-activity;sid:84329734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466635)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pigogini.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466635/; classtype:trojan-activity;sid:84329735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466636)"; flow:established,from_client; content:"GET"; http_method; content:"/files/b9a73850-0c8f-4339-a067-dcad2aea7827/jobs-to-be-done-a-roadmap-for-customer-centered-innovation-40.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466636/; classtype:trojan-activity;sid:84329736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466637)"; flow:established,from_client; content:"GET"; http_method; content:"/file/3f1c8dc1-5532-4250-a65a-6a6177f789fa/20707007191.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466637/; classtype:trojan-activity;sid:84329737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.99.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466638/; classtype:trojan-activity;sid:84329738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466639)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ab158387-fd14-4136-be83-18d2feafd209/downloads/regonadafufosofujerijasur.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466639/; classtype:trojan-activity;sid:84329739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466624)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/donk.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466624/; classtype:trojan-activity;sid:84329724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466625)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xewegemodigu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466625/; classtype:trojan-activity;sid:84329725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466626)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f9b61407-e9a0-4bfb-ac42-6ba811f07eed/downloads/daycare_reference_letter_template.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466626/; classtype:trojan-activity;sid:84329726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466627)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/document-bz102600153.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"23.95.73.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466627/; classtype:trojan-activity;sid:84329727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.2.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466628/; classtype:trojan-activity;sid:84329728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466629)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/displayport_1.4_spec.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466629/; classtype:trojan-activity;sid:84329729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466630)"; flow:established,from_client; content:"GET"; http_method; content:"/file/5cef5d8c-d0c4-4c2d-8d1b-c3fc4351bee8/3ae12746-499b-4f64-888e-c1e967a9e5c4.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466630/; classtype:trojan-activity;sid:84329730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466631)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/donk.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466631/; classtype:trojan-activity;sid:84329731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466632)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a49e03e-1cf9-44ed-ac44-c378f90fa5f8/downloads/63521883486.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466632/; classtype:trojan-activity;sid:84329732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466633)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/262ea410-a887-458b-b5ec-65748ef01e57/downloads/75258476975.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466633/; classtype:trojan-activity;sid:84329733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466619)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9441f8ad-6e79-4d4a-9602-3585b1269b7e/downloads/dajagunowe.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466619/; classtype:trojan-activity;sid:84329719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466620)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/432a6cf0-f63b-4132-8b03-52615cd2c1c3/downloads/hypochondria_ielts_reading_answers.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466620/; classtype:trojan-activity;sid:84329720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.107.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466621/; classtype:trojan-activity;sid:84329721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466622)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/migolijidawononavez.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466622/; classtype:trojan-activity;sid:84329722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466623)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6286d8b4-6ffa-4d84-aeea-f2a9bc58a594/downloads/hotel_courtesy_call_template.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466623/; classtype:trojan-activity;sid:84329723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466616)"; flow:established,from_client; content:"GET"; http_method; content:"/merchantservices"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"zndwu.studio.lacrenshawcrossing.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466616/; classtype:trojan-activity;sid:84329716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466617)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48cf8ef6-fe89-47b6-9b8e-43119a3d3833/downloads/89759746182.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466617/; classtype:trojan-activity;sid:84329717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.245.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466618/; classtype:trojan-activity;sid:84329718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.171.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466614/; classtype:trojan-activity;sid:84329714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.68.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466615/; classtype:trojan-activity;sid:84329715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.245.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466612/; classtype:trojan-activity;sid:84329712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466613)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/poquito_mas_nutrition_facts.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466613/; classtype:trojan-activity;sid:84329713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466610)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9a32841c-0d54-4ad0-8acd-a5b15c41cae1/downloads/luxutevosevuke.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466610/; classtype:trojan-activity;sid:84329710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466611)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/vamiralu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466611/; classtype:trojan-activity;sid:84329711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466605)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/bonunorovekofa.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466605/; classtype:trojan-activity;sid:84329705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466606)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/36407415595.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466606/; classtype:trojan-activity;sid:84329706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466607)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/82707682561.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466607/; classtype:trojan-activity;sid:84329707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466608)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0620227-6f33-427f-8ac7-1fb80d24bd78/downloads/loxabafefomukewizirefa.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466608/; classtype:trojan-activity;sid:84329708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466609)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/metric_bolt_specification_chart.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466609/; classtype:trojan-activity;sid:84329709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466596)"; flow:established,from_client; content:"GET"; http_method; content:"/files/96b4d27d-a19e-429f-927b-5a03ef5da174/ingls_gramtica_fcil_vaughan_descargar.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466596/; classtype:trojan-activity;sid:84329696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466597)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6875802-d83d-45fa-a01c-dd9f30c53739/downloads/22305465780.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466597/; classtype:trojan-activity;sid:84329697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466598)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/efeaa59e-2423-41d8-b482-9a37e80979c7/downloads/ge_disconnect_switch.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466598/; classtype:trojan-activity;sid:84329698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.4.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466599/; classtype:trojan-activity;sid:84329699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466600)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7518eff6-349e-4445-8380-e1c43aacea7b/downloads/gemudewefedevovep.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466600/; classtype:trojan-activity;sid:84329700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466601)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41809607-5bd4-4a52-8a62-530dfb6fcdd7/downloads/tugojokuru.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466601/; classtype:trojan-activity;sid:84329701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466602)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/hadoop_notes_by_durgasoft_ramakrishna.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466602/; classtype:trojan-activity;sid:84329702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466603)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/compassionate_leave_letter_examples.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466603/; classtype:trojan-activity;sid:84329703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466604)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2294c0f6-d737-4b16-8fca-94076227dda5/downloads/garrison_carbon_monoxide_and_gas_detector_manual.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466604/; classtype:trojan-activity;sid:84329704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466592/; classtype:trojan-activity;sid:84329692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466593)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/kuradorug.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466593/; classtype:trojan-activity;sid:84329693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466594)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/38053692779.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466594/; classtype:trojan-activity;sid:84329694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466595)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4240411-5b76-4ebe-95b9-c00242399cf6/downloads/26107131918.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466595/; classtype:trojan-activity;sid:84329695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.248.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466586/; classtype:trojan-activity;sid:84329686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466587)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tozivagal.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466587/; classtype:trojan-activity;sid:84329687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466588)"; flow:established,from_client; content:"GET"; http_method; content:"/file/515b92e8-a9db-4495-a98e-4a0091889aeb/8de49a9f-aa72-414f-81ec-710dd02403e9.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466588/; classtype:trojan-activity;sid:84329688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466589)"; flow:established,from_client; content:"GET"; http_method; content:"/file/f89e4feb-1b1d-40ce-9075-d0ba09bc48d0/cbc9c314-0b95-455b-b5f5-dd45c5b4bfaa.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466589/; classtype:trojan-activity;sid:84329689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466590/; classtype:trojan-activity;sid:84329690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466591)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1b026e03-5af6-461d-a832-b5e23f93b19f/downloads/rojumedevunez.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466591/; classtype:trojan-activity;sid:84329691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466585)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nefusajoxepisajejod.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466585/; classtype:trojan-activity;sid:84329685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.188.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466576/; classtype:trojan-activity;sid:84329676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466577)"; flow:established,from_client; content:"GET"; http_method; content:"/file/62ad2bbf-ae32-453f-9f0f-d1c7d56d2c5d/d1b5d864-5dd0-481d-ac32-c6486392e4be.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466577/; classtype:trojan-activity;sid:84329677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.67.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466578/; classtype:trojan-activity;sid:84329678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466579)"; flow:established,from_client; content:"GET"; http_method; content:"/file/05113e4b-9e18-47c4-86fb-034f2affc0fa/3c66d46a-a527-442f-8c19-07533af12940.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466579/; classtype:trojan-activity;sid:84329679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466580)"; flow:established,from_client; content:"GET"; http_method; content:"/file/2b0ae8ee-e452-46c5-8df4-9eff0d6c877c/53519767475.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466580/; classtype:trojan-activity;sid:84329680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466581)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tubewerapip.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466581/; classtype:trojan-activity;sid:84329681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466582)"; flow:established,from_client; content:"GET"; http_method; content:"/file/8f073d5b-9455-493e-9d9a-d42bf38e1e09/ca6d67cf-ef00-4a8d-aec2-44fe3edd312a.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466582/; classtype:trojan-activity;sid:84329682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466583)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/18645484853.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466583/; classtype:trojan-activity;sid:84329683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466584)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50ab7773-f1d2-4be6-a8e2-1065b2477787/downloads/4850921377.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466584/; classtype:trojan-activity;sid:84329684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466567)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/basimonuje.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466567/; classtype:trojan-activity;sid:84329667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466568)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4490da21-0774-43c2-8f10-26fe1384ffab/downloads/convention_collective_ucanss_mutatio.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466568/; classtype:trojan-activity;sid:84329668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466569)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2f6bcf3c-4b23-42e7-95db-7e5e3070b630/downloads/29680644903.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466569/; classtype:trojan-activity;sid:84329669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.89.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466570/; classtype:trojan-activity;sid:84329670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466571)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e297ab99-26f3-4763-8aa9-4b5ba8336826/downloads/61556440139.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466571/; classtype:trojan-activity;sid:84329671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466572)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/93a7eb93-9eef-4244-8f20-7f48de1f8294/downloads/rikeleneliteta.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466572/; classtype:trojan-activity;sid:84329672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466573)"; flow:established,from_client; content:"GET"; http_method; content:"/file/0c02355e-3f38-4ab4-803f-70eb96f3a1d0/77079190438.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466573/; classtype:trojan-activity;sid:84329673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466574)"; flow:established,from_client; content:"GET"; http_method; content:"/file/95d3cba7-2804-4613-9147-aca7677205e7/nurejewanajiladir.pdf"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466574/; classtype:trojan-activity;sid:84329674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466575)"; flow:established,from_client; content:"GET"; http_method; content:"/file/acc5b7ee-fcf4-419a-aa47-5b27ca21135e/29569960289.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466575/; classtype:trojan-activity;sid:84329675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466559)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dupibutemuxubezukexe.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466559/; classtype:trojan-activity;sid:84329659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.93.205.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466560/; classtype:trojan-activity;sid:84329660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466561)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/58f82e37-5723-4fc5-be87-1ca34da7fc9c/downloads/ladovarudugusujo.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466561/; classtype:trojan-activity;sid:84329661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466562)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/93623530863.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466562/; classtype:trojan-activity;sid:84329662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466563)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f4482b02-adbc-4511-a01d-8f5a32444a75/downloads/31982364803.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466563/; classtype:trojan-activity;sid:84329663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466564)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c29905cb-cab1-47d6-9263-d073f5bcab67/downloads/manually_update_officescan_server.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466564/; classtype:trojan-activity;sid:84329664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466565)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/meligofat.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466565/; classtype:trojan-activity;sid:84329665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466566)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pibajusapasadasizuvabo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466566/; classtype:trojan-activity;sid:84329666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466552)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/vuguvukopipokimukunoju.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466552/; classtype:trojan-activity;sid:84329652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466553)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/vmware_horizon_not_loading.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466553/; classtype:trojan-activity;sid:84329653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466554)"; flow:established,from_client; content:"GET"; http_method; content:"/vtyhat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.194.157.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466554/; classtype:trojan-activity;sid:84329654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.253.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466555/; classtype:trojan-activity;sid:84329655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466556)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/gekepozokenaxaketojakoj.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466556/; classtype:trojan-activity;sid:84329656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466557)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/xekinozu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466557/; classtype:trojan-activity;sid:84329657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466558)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/tanaber.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466558/; classtype:trojan-activity;sid:84329658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466545)"; flow:established,from_client; content:"GET"; http_method; content:"/file/c77e192c-9f6c-4c3f-938f-4cb0a72cff1b/45714981074.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466545/; classtype:trojan-activity;sid:84329645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466546)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lokodemerukezabakexa.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466546/; classtype:trojan-activity;sid:84329646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466547)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wijigezafububofelib.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466547/; classtype:trojan-activity;sid:84329647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466548)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1a64ed17-85a2-4cee-b266-878ed957a17a/downloads/wezixipusafa.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466548/; classtype:trojan-activity;sid:84329648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466549)"; flow:established,from_client; content:"GET"; http_method; content:"/file/a58abd44-e450-47ee-b71d-ec8ec83e05fa/451422df-25b5-411b-9763-2f8c8991f552.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466549/; classtype:trojan-activity;sid:84329649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466550)"; flow:established,from_client; content:"GET"; http_method; content:"/file/1143a242-be04-4ed3-8df6-6c19d5640f28/benegerezameve.pdf"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466550/; classtype:trojan-activity;sid:84329650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466551)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ed9a7df-8325-4b88-b206-4975011bd8d3/downloads/73303046927.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466551/; classtype:trojan-activity;sid:84329651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466544)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vafibezesixura.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466544/; classtype:trojan-activity;sid:84329644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466542)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdf9b72e-240a-4a41-ac28-e187be75db3e/downloads/10008295817.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466542/; classtype:trojan-activity;sid:84329642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.244.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466543/; classtype:trojan-activity;sid:84329643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.72.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466537/; classtype:trojan-activity;sid:84329637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466538)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.76.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466538/; classtype:trojan-activity;sid:84329638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466539)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/35017680871.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466539/; classtype:trojan-activity;sid:84329639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.19.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466540/; classtype:trojan-activity;sid:84329640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.110.120.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466541/; classtype:trojan-activity;sid:84329641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466534)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b5346c1d-c474-4a92-9b4c-cbf0eee37189/downloads/jamupipenimewuroveg.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466534/; classtype:trojan-activity;sid:84329634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.207.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466535/; classtype:trojan-activity;sid:84329635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466536)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.qozab.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466536/; classtype:trojan-activity;sid:84329636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466531)"; flow:established,from_client; content:"GET"; http_method; content:"/vre"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"enviojs2025.kozow.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466531/; classtype:trojan-activity;sid:84329631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466532/; classtype:trojan-activity;sid:84329632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466533)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.zitit.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466533/; classtype:trojan-activity;sid:84329633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466523)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/ritiwuga.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466523/; classtype:trojan-activity;sid:84329623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466524)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/98558988287.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466524/; classtype:trojan-activity;sid:84329624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466525)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d8c405e-d09a-43e6-b2b9-f8bbfe0e4b05/downloads/japifitakudisudupuweb.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466525/; classtype:trojan-activity;sid:84329625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.213.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466526/; classtype:trojan-activity;sid:84329626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466527)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b7519557-5091-4de7-b104-8e86c3953c5d/downloads/66697702965.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466527/; classtype:trojan-activity;sid:84329627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466528)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4d8863b-da23-437d-86ed-df2351a23265/downloads/sazodaxorega.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466528/; classtype:trojan-activity;sid:84329628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466529)"; flow:established,from_client; content:"GET"; http_method; content:"/files/e7246f83-7b39-489a-9d1b-272e20929179/91572676813.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466529/; classtype:trojan-activity;sid:84329629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466530)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"qq51f.short.gy"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466530/; classtype:trojan-activity;sid:84329630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466511)"; flow:established,from_client; content:"GET"; http_method; content:"/file/f5ce23ab-7749-476d-9097-0a8f6fc39b04/jodumi.pdf"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466511/; classtype:trojan-activity;sid:84329611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466512)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/36655168913.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466512/; classtype:trojan-activity;sid:84329612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466513)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wevularaboxurewugawe.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466513/; classtype:trojan-activity;sid:84329613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466514)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/rubizegelolulagexarunup.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466514/; classtype:trojan-activity;sid:84329614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466515)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c29905cb-cab1-47d6-9263-d073f5bcab67/downloads/pipe_fittings_surface_area_chart.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466515/; classtype:trojan-activity;sid:84329615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466516)"; flow:established,from_client; content:"GET"; http_method; content:"/peroxic/peroxic/releases/download/1/svchost.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466516/; classtype:trojan-activity;sid:84329616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466517)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/ludirov.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466517/; classtype:trojan-activity;sid:84329617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.218.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466518/; classtype:trojan-activity;sid:84329618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466519)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.179.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466519/; classtype:trojan-activity;sid:84329619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466520)"; flow:established,from_client; content:"GET"; http_method; content:"/file/7474c51e-b266-4a95-9741-dc7713ddf85a/31073929039.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466520/; classtype:trojan-activity;sid:84329620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466521)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/jedibam.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466521/; classtype:trojan-activity;sid:84329621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466522)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c2f5ec0b-52d8-40cb-8fa6-a66f6f891fa9/downloads/64630520522.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466522/; classtype:trojan-activity;sid:84329622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466506)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/19f0e93a-8f01-4f21-8964-dcc990dea571/downloads/honeywell_dc3002_manual.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466506/; classtype:trojan-activity;sid:84329606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466507)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/30963207670.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466507/; classtype:trojan-activity;sid:84329607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466508)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/963d457e-5dea-4a7e-aae8-47aada2a7cc0/downloads/36202936872.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466508/; classtype:trojan-activity;sid:84329608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466509)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/738cd3ca-10f0-4f1e-865e-c0932904fbb2/downloads/28412734415.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466509/; classtype:trojan-activity;sid:84329609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466510)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af067739-2dfe-40f3-ae00-a758e587d7d3/downloads/wepepuv.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466510/; classtype:trojan-activity;sid:84329610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466503)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/atpco_fare_filing_manual_s.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466503/; classtype:trojan-activity;sid:84329603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466504)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/gartner_magic_quadrant_ips.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466504/; classtype:trojan-activity;sid:84329604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466505)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2215a6c-0436-4d82-8033-c5d079398259/downloads/xawegifurixikinixi.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466505/; classtype:trojan-activity;sid:84329605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466502/; classtype:trojan-activity;sid:84329602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466501)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nolovafitavire.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466501/; classtype:trojan-activity;sid:84329601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466499)"; flow:established,from_client; content:"GET"; http_method; content:"/file/d1015b02-17aa-4d6d-a4e5-ad64e73c409f/95232fae-6b73-4807-b514-3dd35c08010a.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466499/; classtype:trojan-activity;sid:84329599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466500/; classtype:trojan-activity;sid:84329600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466494)"; flow:established,from_client; content:"GET"; http_method; content:"/file/297de280-4627-4a50-a9fa-765f9c85b42b/11865141938.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466494/; classtype:trojan-activity;sid:84329594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466495)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f11cc6f-a645-4f71-bee4-e3848f35abf2/downloads/mojijodexiv.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466495/; classtype:trojan-activity;sid:84329595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466496)"; flow:established,from_client; content:"GET"; http_method; content:"/files/12428929-04c5-4353-b6df-38d0738aa925/30013525980.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466496/; classtype:trojan-activity;sid:84329596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466497)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/64114a94-94a3-4f5d-866a-beee254b955f/downloads/xipefodefanotare.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466497/; classtype:trojan-activity;sid:84329597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466498)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/gekulafemidafalijuw.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466498/; classtype:trojan-activity;sid:84329598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466489)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/types_of_lines_in_construction_drawings.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466489/; classtype:trojan-activity;sid:84329589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466490)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/psa_birth_certificate_authorization_letter.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466490/; classtype:trojan-activity;sid:84329590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.186.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466491/; classtype:trojan-activity;sid:84329591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466492)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/53202951-38c7-4c35-8280-6cefaf47915f/downloads/libububodanusakamarad.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466492/; classtype:trojan-activity;sid:84329592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.250.15.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466493/; classtype:trojan-activity;sid:84329593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.100.128.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466478/; classtype:trojan-activity;sid:84329578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466479)"; flow:established,from_client; content:"GET"; http_method; content:"/file/4116fc94-e93c-4396-b6a1-076e47c5ddc9/97311103197.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466479/; classtype:trojan-activity;sid:84329579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466480)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/41202776349.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466480/; classtype:trojan-activity;sid:84329580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466481)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dc583f51-62de-45fb-b9c6-f152dd4c2594/downloads/combining_like_terms_pyramid_worksheet_answers.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466481/; classtype:trojan-activity;sid:84329581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466482)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1dc2c198-09f6-4966-96bb-2e160c7d78e2/downloads/55840145977.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466482/; classtype:trojan-activity;sid:84329582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.207.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466483/; classtype:trojan-activity;sid:84329583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466484)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/puzenesariwalez.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466484/; classtype:trojan-activity;sid:84329584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466485)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0eb552d-3ccf-4b3e-a340-0e3717106147/downloads/kalozarisi.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466485/; classtype:trojan-activity;sid:84329585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466486)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/wilikof.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466486/; classtype:trojan-activity;sid:84329586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466487)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/geruzirejexexani.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466487/; classtype:trojan-activity;sid:84329587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466488)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20220120151100if_/https://uploads.strikinglycdn.com/files/88fe4363-1198-45e6-9226-8b94f28355d4/biwuzu.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466488/; classtype:trojan-activity;sid:84329588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466476)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de9d9f96-a289-4877-85d4-e6d2d4cc419c/downloads/minerva_t2000_manual.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466476/; classtype:trojan-activity;sid:84329576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466477)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ceb584cd-64a5-40b4-8b04-c9a5a6743fea/tekuwejoferemobuzimegab.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466477/; classtype:trojan-activity;sid:84329577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.233.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466473/; classtype:trojan-activity;sid:84329573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466474)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/siemens_pcs_7_full_training_manual.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466474/; classtype:trojan-activity;sid:84329574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.139.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466475/; classtype:trojan-activity;sid:84329575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.32.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466470/; classtype:trojan-activity;sid:84329570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466471/; classtype:trojan-activity;sid:84329571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466472)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/sojawamiluredowad.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466472/; classtype:trojan-activity;sid:84329572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466462)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/add57eeb-0480-4d3e-871c-79d9b8fe2772/downloads/lozataroziwukurejigax.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466462/; classtype:trojan-activity;sid:84329562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466463)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/capacitor_bank_preventive_maintenance_checklist.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466463/; classtype:trojan-activity;sid:84329563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466464)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/jesafi.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466464/; classtype:trojan-activity;sid:84329564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466465)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wofewipawo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466465/; classtype:trojan-activity;sid:84329565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466466/; classtype:trojan-activity;sid:84329566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.156.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466467/; classtype:trojan-activity;sid:84329567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466468)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/58423586845.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466468/; classtype:trojan-activity;sid:84329568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466469)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/89849145142.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466469/; classtype:trojan-activity;sid:84329569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466460)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c26a93a-50bb-4104-895b-059e3fc9a02c/downloads/zoxinigexozojadidara.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466460/; classtype:trojan-activity;sid:84329560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466461)"; flow:established,from_client; content:"GET"; http_method; content:"/file/b5d65721-b1ce-4cbd-a530-687fcb3196bf/bb8f6473-d1fe-4458-9dba-7882495f854c.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466461/; classtype:trojan-activity;sid:84329561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466454)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96b6a2f4-8317-413b-a7e3-44adb2eb81f5/downloads/demande_d_allocation_chomage_pole_emploi.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466454/; classtype:trojan-activity;sid:84329554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.168.190.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466455/; classtype:trojan-activity;sid:84329555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466456)"; flow:established,from_client; content:"GET"; http_method; content:"/files/b6c5b112-f6b3-40ae-8cef-eae81dadc0c1/sevutaposagegamizalef.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466456/; classtype:trojan-activity;sid:84329556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.36.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466457/; classtype:trojan-activity;sid:84329557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466458/; classtype:trojan-activity;sid:84329558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466459)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tutorialspoint_sap_pp.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466459/; classtype:trojan-activity;sid:84329559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466449)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/lafebokoz.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466449/; classtype:trojan-activity;sid:84329549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466450)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/advance_payment_request_letter_format_word.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466450/; classtype:trojan-activity;sid:84329550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466451)"; flow:established,from_client; content:"GET"; http_method; content:"/file/7fe2e118-c9fc-4262-abf0-c8aa430d34a3/99859b18-364c-4b01-b26d-53c3b1f093c1.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466451/; classtype:trojan-activity;sid:84329551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466452)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a0c7596-8583-4967-abed-67d8d1ffd610/downloads/boilermaker_drawings_and_developments.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466452/; classtype:trojan-activity;sid:84329552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466453)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8532eb1d-13c2-4756-9d41-225750b056f4/downloads/litimuwabu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466453/; classtype:trojan-activity;sid:84329553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466444)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/telcordia_sr_332_issue_4.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466444/; classtype:trojan-activity;sid:84329544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466445)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/stopaq_application_manual_2018.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466445/; classtype:trojan-activity;sid:84329545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.233.162.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466446/; classtype:trojan-activity;sid:84329546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466447)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3daad7b2-98c5-4dc1-b37a-5570afcba267/downloads/40472163846.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466447/; classtype:trojan-activity;sid:84329547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466448)"; flow:established,from_client; content:"GET"; http_method; content:"/file/2c3a0962-8c7c-4c69-90e8-00cca1b137bb/1f9b0008-a5aa-48b6-923f-33607527d48b.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466448/; classtype:trojan-activity;sid:84329548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.48.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466435/; classtype:trojan-activity;sid:84329535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466436)"; flow:established,from_client; content:"GET"; http_method; content:"/file/b1addc43-0174-431f-a075-c831cd27ebdb/penupizi.pdf"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466436/; classtype:trojan-activity;sid:84329536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.50.168.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466437/; classtype:trojan-activity;sid:84329537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466438)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/nwhhlyqq2p4l7r2/linkin_park.mp3/file"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466438/; classtype:trojan-activity;sid:84329538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466439)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/89247847196.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466439/; classtype:trojan-activity;sid:84329539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466440)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/72993487295.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466440/; classtype:trojan-activity;sid:84329540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466441)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de9155fa-7173-4766-94c3-9e400d4aed58/downloads/def_stan_91-91.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466441/; classtype:trojan-activity;sid:84329541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466442)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.154.34.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466442/; classtype:trojan-activity;sid:84329542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466443)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/42d6a3b4-bbc0-47ab-bf86-c3ddb806b2ed/downloads/rafadaduveputev.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466443/; classtype:trojan-activity;sid:84329543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466429)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3924d65b-e08d-4f21-8d71-a0b15eb654bb/downloads/63720952596.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466429/; classtype:trojan-activity;sid:84329529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.175.180.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466430/; classtype:trojan-activity;sid:84329530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466431)"; flow:established,from_client; content:"GET"; http_method; content:"/file/178bfa92-53b9-4197-bb49-271a0b436153/tinuvijevedima.pdf"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466431/; classtype:trojan-activity;sid:84329531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466432)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ae43e5bd-76b1-49db-b117-e975f06ef8f7/c785189f-b01f-44fa-9ef6-21ec75510fdc.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466432/; classtype:trojan-activity;sid:84329532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466433)"; flow:established,from_client; content:"GET"; http_method; content:"/file/9458400d-b72c-4ec9-89b0-b6ac62df5385/9274675051.pdf"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466433/; classtype:trojan-activity;sid:84329533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466434)"; flow:established,from_client; content:"GET"; http_method; content:"/file/b6b84e49-cb71-4833-b8ce-4088763092a6/56931572255.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466434/; classtype:trojan-activity;sid:84329534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.40.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466426/; classtype:trojan-activity;sid:84329526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466427)"; flow:established,from_client; content:"GET"; http_method; content:"/file/b6f8a91b-5dfe-43f8-99ab-0fd85e625ebf/16c1b129-c5a3-4e02-8ba4-fdec383a5fd2.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466427/; classtype:trojan-activity;sid:84329527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466428)"; flow:established,from_client; content:"GET"; http_method; content:"/files/765e65e5-b1a3-4086-98af-df23e7439477/tepedudegirawonib.pdf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466428/; classtype:trojan-activity;sid:84329528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466417)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/woleb.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466417/; classtype:trojan-activity;sid:84329517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466418)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/dururotilonid.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466418/; classtype:trojan-activity;sid:84329518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466419)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/150_dialogues_en_francais.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466419/; classtype:trojan-activity;sid:84329519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466420)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/88031585580.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466420/; classtype:trojan-activity;sid:84329520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466421/; classtype:trojan-activity;sid:84329521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466422)"; flow:established,from_client; content:"GET"; http_method; content:"/files/21f34c0c-c44b-438c-849b-203858851c0e/navair_17-15bad-1_t.o._8d2-62-1.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466422/; classtype:trojan-activity;sid:84329522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466423)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/dollar_general_cbl_answers_robbery_prevention.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466423/; classtype:trojan-activity;sid:84329523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466424)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4e8158-a082-4b1f-960e-1d82a946a72b/downloads/76239393989.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466424/; classtype:trojan-activity;sid:84329524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466425)"; flow:established,from_client; content:"GET"; http_method; content:"/file/24948781-8910-482f-9bbf-e5f5533fe0ed/f86744aa-c6b1-4e57-8c59-2772168b87b1.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466425/; classtype:trojan-activity;sid:84329525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466414)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51c1105d-a687-468d-b1aa-293ca9578a34/downloads/giwuroganapedokozijave.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466414/; classtype:trojan-activity;sid:84329514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466415)"; flow:established,from_client; content:"GET"; http_method; content:"/file/fa3f258e-9bd8-4c67-8a89-62496ba571b0/01bcc824-143b-4d9b-b7d9-395dc504715d.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466415/; classtype:trojan-activity;sid:84329515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466416)"; flow:established,from_client; content:"GET"; http_method; content:"/file/468cef1e-52ef-45c3-8036-8312ece999dc/redogap.pdf"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466416/; classtype:trojan-activity;sid:84329516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.73.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466405/; classtype:trojan-activity;sid:84329505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466406)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50e5aae7-a15c-4d74-a4ed-a8edfca980c4/downloads/atividades_adaptadas_de_ingles_para_deficientes_intelectuais.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466406/; classtype:trojan-activity;sid:84329506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466407)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/24465842333.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466407/; classtype:trojan-activity;sid:84329507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466408)"; flow:established,from_client; content:"GET"; http_method; content:"/file/2c6ddc9e-9c0a-495e-a429-d90de3d15724/16eaa5c4-0d27-4b0b-9007-a61c05d558a9.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466408/; classtype:trojan-activity;sid:84329508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466409)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2d664301-7b5e-474d-97a1-1305c7ece601/downloads/35905190672.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466409/; classtype:trojan-activity;sid:84329509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466410)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/12922543008.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466410/; classtype:trojan-activity;sid:84329510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466411)"; flow:established,from_client; content:"GET"; http_method; content:"/file/b9021372-ea54-4137-8c0b-5ecab82dc180/ae9bf11b-b300-4bec-be95-f8fe7033f4de.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466411/; classtype:trojan-activity;sid:84329511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466412)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/20643132370.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466412/; classtype:trojan-activity;sid:84329512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466413)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/95435099570.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466413/; classtype:trojan-activity;sid:84329513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466404)"; flow:established,from_client; content:"GET"; http_method; content:"/file/e705478f-22ba-45d1-99d0-2792d73c9f88/ponole.pdf"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466404/; classtype:trojan-activity;sid:84329504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466400)"; flow:established,from_client; content:"GET"; http_method; content:"/file/dc23a876-6148-47e4-b26e-6718d2c8faa0/edcf3aef-6a23-4465-9fb6-9d97b6287610.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466400/; classtype:trojan-activity;sid:84329500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466401)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2bb4e8cb-ec7e-44c1-a645-d94d4534f3a4/downloads/far_from_you_tess_sharpe.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466401/; classtype:trojan-activity;sid:84329501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.85.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466402/; classtype:trojan-activity;sid:84329502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466403)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/87076889980.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466403/; classtype:trojan-activity;sid:84329503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466395)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20220120151100/https://uploads.strikinglycdn.com/files/88fe4363-1198-45e6-9226-8b94f28355d4/biwuzu.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466395/; classtype:trojan-activity;sid:84329495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466396)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/40331451843.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466396/; classtype:trojan-activity;sid:84329496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466397)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/71d9f42f-0bad-4406-8a48-95c698e57e68/downloads/sumitomo_f50_compressor_manual.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466397/; classtype:trojan-activity;sid:84329497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466398)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tusosexukitut.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466398/; classtype:trojan-activity;sid:84329498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.234.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466399/; classtype:trojan-activity;sid:84329499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466386)"; flow:established,from_client; content:"GET"; http_method; content:"/files/abe7978d-bb23-4033-9bad-ec17c1cf5b87/69129212874.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466386/; classtype:trojan-activity;sid:84329486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466387)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/chambre_de_tirage_telecom.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466387/; classtype:trojan-activity;sid:84329487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466388)"; flow:established,from_client; content:"GET"; http_method; content:"/file/b5ce1846-3411-42f6-ba98-88e707b2e197/sanibuvagonatumobopede.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466388/; classtype:trojan-activity;sid:84329488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466389)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d45c0d9d-8581-471d-bee0-51d1b9891f05/downloads/nisisot.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466389/; classtype:trojan-activity;sid:84329489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466390)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tojabuka.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466390/; classtype:trojan-activity;sid:84329490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466391)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/16219919996.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466391/; classtype:trojan-activity;sid:84329491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466392)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/famous_athletes_banned_for_drug_use.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466392/; classtype:trojan-activity;sid:84329492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466393)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/31075581028.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466393/; classtype:trojan-activity;sid:84329493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466394)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/table_trigonometrique_complet.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466394/; classtype:trojan-activity;sid:84329494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.203.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466381/; classtype:trojan-activity;sid:84329481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466382)"; flow:established,from_client; content:"GET"; http_method; content:"/file/888d1923-9b15-4b8f-835c-ec1c2f5a487e/0ebc4257-dc61-48a5-ae62-55f865b1ae16.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466382/; classtype:trojan-activity;sid:84329482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466383)"; flow:established,from_client; content:"GET"; http_method; content:"/file/0d458308-8807-4ca7-9a93-642b8dbd42fe/81058213784.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466383/; classtype:trojan-activity;sid:84329483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466384)"; flow:established,from_client; content:"GET"; http_method; content:"/file/c8d9dd8e-330c-4b2f-b0a8-881e9f73092e/c8927d48-0159-4728-b75c-8127681a6103.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466384/; classtype:trojan-activity;sid:84329484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466385)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f20719e2-319c-4f10-aabc-5dffb4a98912/downloads/45233279752.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466385/; classtype:trojan-activity;sid:84329485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466376)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/10e01255-b324-4a54-ae63-f4e28a319147/downloads/how_to_make_authorization_letter_to_claim_money_in_palawan.pdf"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466376/; classtype:trojan-activity;sid:84329476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.47.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466377/; classtype:trojan-activity;sid:84329477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466378)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a69ed85-566a-4d22-8bd3-47a8a314b3bf/downloads/baropuzijavalerivotenujop.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466378/; classtype:trojan-activity;sid:84329478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466379)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/15135097712.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466379/; classtype:trojan-activity;sid:84329479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466380)"; flow:established,from_client; content:"GET"; http_method; content:"/file/18cdf693-e5a5-4852-a0f8-82797859a395/61254154362.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466380/; classtype:trojan-activity;sid:84329480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.177.141.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466374/; classtype:trojan-activity;sid:84329474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466375)"; flow:established,from_client; content:"GET"; http_method; content:"/files/f824a915-7139-430c-a391-310f5b2f32ca/niximekinojigolif.pdf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466375/; classtype:trojan-activity;sid:84329475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466366)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4831e354-44dc-4759-9d14-0dd6cfda589f/downloads/demag_ac_350_dwg.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466366/; classtype:trojan-activity;sid:84329466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.237.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466367/; classtype:trojan-activity;sid:84329467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466368)"; flow:established,from_client; content:"GET"; http_method; content:"/file/a54bec2d-3289-49ea-bc69-cf11208bcf77/f1cc8fad-494f-4d97-9ba3-836fd0ff6b6c.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466368/; classtype:trojan-activity;sid:84329468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.0.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466369/; classtype:trojan-activity;sid:84329469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466370)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6479094-5bf7-4b46-9ced-d0f3d0d49751/downloads/63982701040.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466370/; classtype:trojan-activity;sid:84329470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466371)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e35dded4-68df-49bc-a9b0-aad8c63628c2/downloads/polipuzikiwelines.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466371/; classtype:trojan-activity;sid:84329471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466372)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/jakirezimukixinirivuvizuw.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466372/; classtype:trojan-activity;sid:84329472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466373)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4bf44b4-a39c-49f8-89f5-4b487ef61751/downloads/safety_precautions_during_rainy_season_ppt.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466373/; classtype:trojan-activity;sid:84329473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466357)"; flow:established,from_client; content:"GET"; http_method; content:"/file/a5cfaada-6fa6-450f-a63d-2e7d202d70a1/25287055618.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466357/; classtype:trojan-activity;sid:84329457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466358)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/gasanon.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466358/; classtype:trojan-activity;sid:84329458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466359)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/87218120165.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466359/; classtype:trojan-activity;sid:84329459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466360)"; flow:established,from_client; content:"GET"; http_method; content:"/hhhapi.mp3"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"iplogger.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466360/; classtype:trojan-activity;sid:84329460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466361)"; flow:established,from_client; content:"GET"; http_method; content:"/file/b3c13694-0942-4860-b6e4-87e2de37d3ff/59123250714.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466361/; classtype:trojan-activity;sid:84329461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.133.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466362/; classtype:trojan-activity;sid:84329462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.234.177.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466363/; classtype:trojan-activity;sid:84329463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466364)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6c9fdcec-b167-4620-b064-54b8917c32b8/downloads/57211354597.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466364/; classtype:trojan-activity;sid:84329464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466365)"; flow:established,from_client; content:"GET"; http_method; content:"/lnkfmx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.194.157.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466365/; classtype:trojan-activity;sid:84329465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.143.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466354/; classtype:trojan-activity;sid:84329454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466355)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9927c1c5-c61c-4f5e-807e-67bd1833b3e4/downloads/2687436544.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466355/; classtype:trojan-activity;sid:84329455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466356)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/astonishment_report_example_template_free.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466356/; classtype:trojan-activity;sid:84329456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.88.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466352/; classtype:trojan-activity;sid:84329452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466353)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4454ad30-3f6f-488a-b5e6-19e7bcca2146/downloads/duzinijilufixikedaluw.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466353/; classtype:trojan-activity;sid:84329453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466339)"; flow:established,from_client; content:"GET"; http_method; content:"/okami.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.200.78.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466339/; classtype:trojan-activity;sid:84329439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466340)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/47a03532-4838-4d3f-b185-a29c87fa882c/downloads/24511080679.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466340/; classtype:trojan-activity;sid:84329440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466341)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/35512569741.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466341/; classtype:trojan-activity;sid:84329441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466342)"; flow:established,from_client; content:"GET"; http_method; content:"/files/beb7d01d-2b27-4831-bbcc-4ba69f59a79c/how_to_set_up_interval_training_on_map_my_run.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466342/; classtype:trojan-activity;sid:84329442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466343/; classtype:trojan-activity;sid:84329443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466344)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/fiselarodinolapin.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466344/; classtype:trojan-activity;sid:84329444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466345)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/donk.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466345/; classtype:trojan-activity;sid:84329445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.120.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466346/; classtype:trojan-activity;sid:84329446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466347)"; flow:established,from_client; content:"GET"; http_method; content:"/file/0e102119-d13c-4902-ba84-bbd0508c109b/79115654992.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466347/; classtype:trojan-activity;sid:84329447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466348)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/fonuferin.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466348/; classtype:trojan-activity;sid:84329448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466349)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/59681288373.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466349/; classtype:trojan-activity;sid:84329449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466350)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9db526fb-d62a-447a-9766-8665158ad47a/downloads/skf_linear_bearing_catalogue.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466350/; classtype:trojan-activity;sid:84329450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466351)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/45838770375.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466351/; classtype:trojan-activity;sid:84329451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466336)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98a1791f-f3a9-4ef2-ac34-41b3393c3d1d/downloads/original_documents_handover_letter_format.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466336/; classtype:trojan-activity;sid:84329436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466337)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/60272662631.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466337/; classtype:trojan-activity;sid:84329437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466338)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa44ab49-4d64-4d64-8bfd-2dfce545052f/downloads/limitations_act_2004_nigeria.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466338/; classtype:trojan-activity;sid:84329438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466330)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a6598ea2-e266-47e1-ba10-b9552e811b79/downloads/iso_8015_tolerance_chart.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466330/; classtype:trojan-activity;sid:84329430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466331)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72cc53f9-3bf4-447c-963a-353f48ad8500/downloads/puwutokok.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466331/; classtype:trojan-activity;sid:84329431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.120.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466332/; classtype:trojan-activity;sid:84329432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466333)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/emdr_cognitive_interweaves.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466333/; classtype:trojan-activity;sid:84329433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.93.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466334/; classtype:trojan-activity;sid:84329434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466335)"; flow:established,from_client; content:"GET"; http_method; content:"/file/e7cb1fa8-62b1-4028-9b90-4bde6b8fe59a/34270487639.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466335/; classtype:trojan-activity;sid:84329435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466325)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/15715958975.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466325/; classtype:trojan-activity;sid:84329425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466326)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sanugesijeviwo.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466326/; classtype:trojan-activity;sid:84329426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466327)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/167862b3-31e9-4984-90e5-30766e3a7fa8/downloads/20740408467.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466327/; classtype:trojan-activity;sid:84329427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.6.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466328/; classtype:trojan-activity;sid:84329428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466329)"; flow:established,from_client; content:"GET"; http_method; content:"/file/36a05e2f-c0fb-4aa4-8268-1bf6f0a8e4c5/777cc5dc-46ca-43ae-881e-1f17a7af876e.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466329/; classtype:trojan-activity;sid:84329429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466316)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/22914289512.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466316/; classtype:trojan-activity;sid:84329416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466317)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f842cd9f-c67c-4749-ba01-22d7c1ea502c/downloads/93070455772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466317/; classtype:trojan-activity;sid:84329417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.61.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466318/; classtype:trojan-activity;sid:84329418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466319)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/61240910211.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466319/; classtype:trojan-activity;sid:84329419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466320)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/33251318472.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466320/; classtype:trojan-activity;sid:84329420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466321)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/84098559127.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466321/; classtype:trojan-activity;sid:84329421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466322)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kaxajopisojurivo.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466322/; classtype:trojan-activity;sid:84329422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466323/; classtype:trojan-activity;sid:84329423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466324)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vehicle_sale_agreement_format_in_word_kerala_online_applicat.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466324/; classtype:trojan-activity;sid:84329424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.29.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466311/; classtype:trojan-activity;sid:84329411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466312)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/everstart_750_amp_jump_starter_manual.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466312/; classtype:trojan-activity;sid:84329412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466313)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/424b0398-579a-4717-a17a-ffb972bf5819/downloads/manual_ppap_4_edicao.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466313/; classtype:trojan-activity;sid:84329413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466314)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b2a026b5-555a-437c-867f-3969f62b48d7/downloads/3703775959.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466314/; classtype:trojan-activity;sid:84329414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.76.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466315/; classtype:trojan-activity;sid:84329415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466305)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3f5ecf8d-ba74-430f-ac11-9eb6ace92d02/downloads/womirojepu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466305/; classtype:trojan-activity;sid:84329405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466306)"; flow:established,from_client; content:"GET"; http_method; content:"/files/d86dbc66-a79c-49c5-a6e6-370dcea6bc9e/73415388706.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466306/; classtype:trojan-activity;sid:84329406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466307)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/lord_of_the_flies_script.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466307/; classtype:trojan-activity;sid:84329407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466308)"; flow:established,from_client; content:"GET"; http_method; content:"/files/3b76ca54-d5a9-4c63-a3a2-045e51a75d5e/eli_el_libro_de_los_secretos_pelicula_completa_en_espaol.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466308/; classtype:trojan-activity;sid:84329408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466309)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d0a6e54-c95b-4e67-871e-882f39f9c203/downloads/38102271043.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466309/; classtype:trojan-activity;sid:84329409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466310)"; flow:established,from_client; content:"GET"; http_method; content:"/file/b65a4bdf-f0b3-4dab-a37f-141c156fd367/6d31c9e0-16ea-44f8-9dd4-60ce0befe0f1.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466310/; classtype:trojan-activity;sid:84329410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466304)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/depo_provera_osteoporosis_guidelines.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466304/; classtype:trojan-activity;sid:84329404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466299)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/76dd3d_5bad8f03e16949259c0ab217d971bb15.pdf"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"08202b68-adf4-4b7d-bb06-fcebe54c78b8.filesusr.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466299/; classtype:trojan-activity;sid:84329399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466300)"; flow:established,from_client; content:"GET"; http_method; content:"/file/9c508fb3-b4ec-417d-9274-615773594b69/79699692147.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466300/; classtype:trojan-activity;sid:84329400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466301)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/397fbc33-145f-44ec-a774-e1fa1b866d82/downloads/fekesijurada.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466301/; classtype:trojan-activity;sid:84329401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466302)"; flow:established,from_client; content:"GET"; http_method; content:"/file/405643d9-a8b5-4ed5-82e4-522175201605/sixixekumobumabi.pdf"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466302/; classtype:trojan-activity;sid:84329402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466303)"; flow:established,from_client; content:"GET"; http_method; content:"/razdzn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.194.157.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466303/; classtype:trojan-activity;sid:84329403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466293)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e222df8-d197-4254-b90b-be3d3b023ef4/downloads/78299826683.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466293/; classtype:trojan-activity;sid:84329393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466294)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bc2da57a-5cad-4b1e-b658-8efa7e30bee5/downloads/como_transferir_saldo_de_dados_unitel.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466294/; classtype:trojan-activity;sid:84329394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466295/; classtype:trojan-activity;sid:84329395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466296/; classtype:trojan-activity;sid:84329396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466297)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ff5db76f-01bc-432e-acad-4281ec1c77ca/40458722261.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466297/; classtype:trojan-activity;sid:84329397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466298)"; flow:established,from_client; content:"GET"; http_method; content:"/files/52bb03c8-1ecb-401b-83a1-7caf9827b3da/8154916359.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466298/; classtype:trojan-activity;sid:84329398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466283)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/billetes_didacticos_mexicanos_para_imprimir.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466283/; classtype:trojan-activity;sid:84329383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466284)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/xutodorimalibavexididoson.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466284/; classtype:trojan-activity;sid:84329384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466285)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/vatalikuxigepiwu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466285/; classtype:trojan-activity;sid:84329385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466286)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2fda8269-9b7e-4008-b093-ed7dc0bde9d7/downloads/zinivegosejuriwevagowu.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466286/; classtype:trojan-activity;sid:84329386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.227.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466287/; classtype:trojan-activity;sid:84329387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466288)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/dotuxomolomorapitome.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466288/; classtype:trojan-activity;sid:84329388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466289)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/541a1d8b-7a21-4c1f-8013-03406bd1a8ad/downloads/mevuxurike.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466289/; classtype:trojan-activity;sid:84329389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466290)"; flow:established,from_client; content:"GET"; http_method; content:"/file/348d4910-cbed-4b09-9a0f-c144039e7073/kogexalelonej.pdf"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466290/; classtype:trojan-activity;sid:84329390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466291)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/jubomumifekomu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466291/; classtype:trojan-activity;sid:84329391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.246.116.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466292/; classtype:trojan-activity;sid:84329392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466275)"; flow:established,from_client; content:"GET"; http_method; content:"/file/bc39b618-7197-4331-a4a7-30e005254429/21981089319.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466275/; classtype:trojan-activity;sid:84329375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.76.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466276/; classtype:trojan-activity;sid:84329376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.68.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466277/; classtype:trojan-activity;sid:84329377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.238.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466278/; classtype:trojan-activity;sid:84329378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466279)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa25c895-a966-4265-aeb1-bc094284554e/downloads/jifig.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466279/; classtype:trojan-activity;sid:84329379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466280)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/90378982159.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466280/; classtype:trojan-activity;sid:84329380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.182.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466281/; classtype:trojan-activity;sid:84329381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466282)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/jodegemotekuseve.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466282/; classtype:trojan-activity;sid:84329382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.139.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466274/; classtype:trojan-activity;sid:84329374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.161.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466272/; classtype:trojan-activity;sid:84329372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.217.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466273/; classtype:trojan-activity;sid:84329373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466268)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/46578941429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466268/; classtype:trojan-activity;sid:84329368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466269)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/elenco_corsi_vam_viterbo.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466269/; classtype:trojan-activity;sid:84329369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466270)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.134.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466270/; classtype:trojan-activity;sid:84329370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.29.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466271/; classtype:trojan-activity;sid:84329371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.76.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466258/; classtype:trojan-activity;sid:84329358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466259)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/17714436684.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466259/; classtype:trojan-activity;sid:84329359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466260)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/planet_fitness_membership_cancellation_letter.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466260/; classtype:trojan-activity;sid:84329360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466261)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af067739-2dfe-40f3-ae00-a758e587d7d3/downloads/61105974714.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466261/; classtype:trojan-activity;sid:84329361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.244.88.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466262/; classtype:trojan-activity;sid:84329362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466263)"; flow:established,from_client; content:"GET"; http_method; content:"/file/5f1ad1c1-1224-4a73-b5c4-f4635d1d2f76/kekorezupula.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466263/; classtype:trojan-activity;sid:84329363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.214.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466264/; classtype:trojan-activity;sid:84329364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.54.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466265/; classtype:trojan-activity;sid:84329365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466266)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/933c3405-1572-4648-b39e-d98567eb5bee/downloads/for_your_kind_perusal_and_necessary_action_meaning.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466266/; classtype:trojan-activity;sid:84329366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466267)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/119d5b03-e78f-4725-87b7-ed496b267f6d/downloads/scrubber_design_calculation_excel.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466267/; classtype:trojan-activity;sid:84329367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466249)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6787db73-833d-4393-867e-1b786eb5e101/downloads/60859753638.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466249/; classtype:trojan-activity;sid:84329349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466250)"; flow:established,from_client; content:"GET"; http_method; content:"/haven/a5fohb14.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"79.133.46.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466250/; classtype:trojan-activity;sid:84329350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466251)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6ec385fc-f509-4ead-b7f1-f400df77699c/77122143221.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466251/; classtype:trojan-activity;sid:84329351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466252)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62a7895e-5f81-4049-920b-e70e38d29e37/downloads/why_is_annexure_d_required_for_minor_passport.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466252/; classtype:trojan-activity;sid:84329352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466253)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/574284889.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466253/; classtype:trojan-activity;sid:84329353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466254)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/xikapataxofako.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466254/; classtype:trojan-activity;sid:84329354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466255)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lobigexapi.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466255/; classtype:trojan-activity;sid:84329355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466256)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2470d53e-fef7-4646-9c8b-919894e66d18/downloads/72646482584.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466256/; classtype:trojan-activity;sid:84329356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466257)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8c16f145-4fc0-4af7-a4db-de4acd818fe4/downloads/46429707192.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466257/; classtype:trojan-activity;sid:84329357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466245)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7153ec40-cd7f-411a-a08b-66d173a33455/downloads/standards_australia_handbook_197.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466245/; classtype:trojan-activity;sid:84329345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.30.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466246/; classtype:trojan-activity;sid:84329346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466247)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/55745505506.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466247/; classtype:trojan-activity;sid:84329347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.21.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466248/; classtype:trojan-activity;sid:84329348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466241)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/43311556781.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466241/; classtype:trojan-activity;sid:84329341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.11.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466242/; classtype:trojan-activity;sid:84329342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466243)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.65.26.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466243/; classtype:trojan-activity;sid:84329343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466244)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/80691091889.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466244/; classtype:trojan-activity;sid:84329344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466237)"; flow:established,from_client; content:"GET"; http_method; content:"/file/b1d22465-db97-45e9-9521-a813f2680bdb/momidikabavuvadotugofevep.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466237/; classtype:trojan-activity;sid:84329337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466238)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sewuxazomuwara.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466238/; classtype:trojan-activity;sid:84329338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466239)"; flow:established,from_client; content:"GET"; http_method; content:"/qtmzbn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.194.157.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466239/; classtype:trojan-activity;sid:84329339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.180.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466240/; classtype:trojan-activity;sid:84329340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.249.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466234/; classtype:trojan-activity;sid:84329334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.119.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466235/; classtype:trojan-activity;sid:84329335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.244.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466236/; classtype:trojan-activity;sid:84329336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466231)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ce549e8-3051-428a-a71b-b48f204ac3cd/downloads/rapid_router_level_43_solution.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466231/; classtype:trojan-activity;sid:84329331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466232)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0620bed2-a9d8-4f06-ab8c-173ea1a60a70/downloads/jijegarazomimubusawogam.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466232/; classtype:trojan-activity;sid:84329332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466233)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/matunekuv.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466233/; classtype:trojan-activity;sid:84329333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466230)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/53202951-38c7-4c35-8280-6cefaf47915f/downloads/statsafe_3000_msds.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466230/; classtype:trojan-activity;sid:84329330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466220)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/documents/marketing%20info.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"peazonyas.ink"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466220/; classtype:trojan-activity;sid:84329320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466221)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/82647770508.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466221/; classtype:trojan-activity;sid:84329321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466222)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ee3e2894-0337-41f6-9371-caecf7034a22/downloads/26991821255.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466222/; classtype:trojan-activity;sid:84329322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.188.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466223/; classtype:trojan-activity;sid:84329323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.249.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466224/; classtype:trojan-activity;sid:84329324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.43.65.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466225/; classtype:trojan-activity;sid:84329325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466226)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/gesuzodekutiz.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466226/; classtype:trojan-activity;sid:84329326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466227)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62a7895e-5f81-4049-920b-e70e38d29e37/downloads/how_to_register_in_upstox.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466227/; classtype:trojan-activity;sid:84329327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466228)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/exercises_for_trigger_thumb.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466228/; classtype:trojan-activity;sid:84329328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466229)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/132d13c5-3f89-41bf-85b4-d1a24ddcf61c/downloads/nosiwevixina.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466229/; classtype:trojan-activity;sid:84329329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466215)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a56a106f-21b9-46c2-b5bc-12461919334c/downloads/vurarufa.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466215/; classtype:trojan-activity;sid:84329315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466216)"; flow:established,from_client; content:"GET"; http_method; content:"/files/a45b79a8-b5dc-48a1-b8ee-0e5775f210df/72226081075.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466216/; classtype:trojan-activity;sid:84329316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466217)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/how_to_get_a_wire_transfer_receipt_chase.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466217/; classtype:trojan-activity;sid:84329317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466218)"; flow:established,from_client; content:"GET"; http_method; content:"/okami.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.200.78.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466218/; classtype:trojan-activity;sid:84329318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466219)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/3175972790.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466219/; classtype:trojan-activity;sid:84329319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.26.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466212/; classtype:trojan-activity;sid:84329312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466213)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/apex_sl_vibration_controller_manual.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466213/; classtype:trojan-activity;sid:84329313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466214)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/nakozixuwelafi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466214/; classtype:trojan-activity;sid:84329314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466211)"; flow:established,from_client; content:"GET"; http_method; content:"/file/18d8e4f7-345c-4fd9-81d0-cde89dad9a31/zijifitani.pdf"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466211/; classtype:trojan-activity;sid:84329311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466205)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mobesapovasag.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466205/; classtype:trojan-activity;sid:84329305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466206)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fae029f6-27b1-4578-94bc-ae0bbaeebde4/downloads/imperial_vernier_caliper_worksheet.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466206/; classtype:trojan-activity;sid:84329306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466207)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e2ab423c-1813-4cd0-becb-6a8adbf01641/downloads/ribafimimeriledok.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466207/; classtype:trojan-activity;sid:84329307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466208)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/62228929609.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466208/; classtype:trojan-activity;sid:84329308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466209)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/91a706e9-d066-47d7-89af-69535d865c3d/downloads/carteirinha_de_estudante_falsa_em.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466209/; classtype:trojan-activity;sid:84329309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466210)"; flow:established,from_client; content:"GET"; http_method; content:"/file/55363627-595b-42a5-b049-753b42299034/fedakukuw.pdf"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466210/; classtype:trojan-activity;sid:84329310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466194)"; flow:established,from_client; content:"GET"; http_method; content:"/file/531bde03-5a52-4164-8b19-388735cfbd89/59661449876.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466194/; classtype:trojan-activity;sid:84329294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.153.207.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466195/; classtype:trojan-activity;sid:84329295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466196)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/80e9e7c7-d97b-4b5a-96c4-9a83854a3065/downloads/35740879646.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466196/; classtype:trojan-activity;sid:84329296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466197/; classtype:trojan-activity;sid:84329297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466198)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bdc1315f-c381-4f7b-827f-eda232a3c632/downloads/75692133138.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466198/; classtype:trojan-activity;sid:84329298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466199)"; flow:established,from_client; content:"GET"; http_method; content:"/file/440aa654-97f0-4ed1-99b2-af322f4b37fd/83726055220.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466199/; classtype:trojan-activity;sid:84329299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466200)"; flow:established,from_client; content:"GET"; http_method; content:"/file/f3b90637-851c-4395-aa13-63df9b83b374/pilupezanudamid.pdf"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466200/; classtype:trojan-activity;sid:84329300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466201)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2d42ffe-779b-4107-ac42-7f36375aab37/downloads/zeneliginuboripiriza.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466201/; classtype:trojan-activity;sid:84329301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466202)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6bb5c8cf-e89d-49c0-aeeb-7278d39f6b32/downloads/fiche_grcf_bts_gpme.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466202/; classtype:trojan-activity;sid:84329302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466203)"; flow:established,from_client; content:"GET"; http_method; content:"/update.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"agent12ai.icu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466203/; classtype:trojan-activity;sid:84329303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466204)"; flow:established,from_client; content:"GET"; http_method; content:"/files/b9353e09-7133-4b4f-988b-8f9b83192378/steven_francis_pavic_released.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466204/; classtype:trojan-activity;sid:84329304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466191/; classtype:trojan-activity;sid:84329291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466192)"; flow:established,from_client; content:"GET"; http_method; content:"/file/cc9d013a-1e28-4b80-8435-1590de1e8340/1b9cd61a-21da-4019-9f29-e0542cb4d4a4.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466192/; classtype:trojan-activity;sid:84329292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466193)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/77724997403.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466193/; classtype:trojan-activity;sid:84329293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466181)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/xinunivigaxelifujukedo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466181/; classtype:trojan-activity;sid:84329281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466182)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/pidipaxiworoguvosifap.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466182/; classtype:trojan-activity;sid:84329282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466183)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rent_receipt_format_in_ms_word.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466183/; classtype:trojan-activity;sid:84329283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466184)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nipipuk.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466184/; classtype:trojan-activity;sid:84329284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466185)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/081e0348-3bf0-4a3e-a723-749adc1aa630/downloads/67271829455.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466185/; classtype:trojan-activity;sid:84329285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466186)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/57390845107.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466186/; classtype:trojan-activity;sid:84329286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466187)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/45659404876.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466187/; classtype:trojan-activity;sid:84329287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.0.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466188/; classtype:trojan-activity;sid:84329288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466189)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/80200009732.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466189/; classtype:trojan-activity;sid:84329289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466190)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3a657e0c-a872-4028-94b8-811aea249c49/downloads/shl_general_ability_test_answers_reddit.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466190/; classtype:trojan-activity;sid:84329290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466175)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06823f9b-45c4-43cb-a44f-1f9f645cebcf/downloads/32406777299.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466175/; classtype:trojan-activity;sid:84329275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466176)"; flow:established,from_client; content:"GET"; http_method; content:"/cemtop"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.194.157.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466176/; classtype:trojan-activity;sid:84329276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466177)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/7694747911.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466177/; classtype:trojan-activity;sid:84329277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466178)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/danokubiwen.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466178/; classtype:trojan-activity;sid:84329278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466179)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/xibuvajuxaluvotom.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466179/; classtype:trojan-activity;sid:84329279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466180)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a0c7596-8583-4967-abed-67d8d1ffd610/downloads/8393439781.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466180/; classtype:trojan-activity;sid:84329280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466170)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/redoripedigi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466170/; classtype:trojan-activity;sid:84329270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.249.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466171/; classtype:trojan-activity;sid:84329271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466172)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/how_to_cancel_print_job_on_zebra_gk420d.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466172/; classtype:trojan-activity;sid:84329272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466173)"; flow:established,from_client; content:"GET"; http_method; content:"/okami.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.200.78.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466173/; classtype:trojan-activity;sid:84329273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466174)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.lijam.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466174/; classtype:trojan-activity;sid:84329274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.67.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466166/; classtype:trojan-activity;sid:84329266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466167)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/4495387/normal_6007f68edf898.pdf"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"static.s123-cdn-static.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466167/; classtype:trojan-activity;sid:84329267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466168)"; flow:established,from_client; content:"GET"; http_method; content:"/files/b87f808b-825c-4712-88ed-b5166ff578d1/13050104259.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466168/; classtype:trojan-activity;sid:84329268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466169)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b83dcfc0-bbe6-4498-b356-e365ec2ed396/downloads/zofafiba.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466169/; classtype:trojan-activity;sid:84329269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466161)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37e9011-77af-43eb-9e7b-dd6853450512/downloads/les_jours_de_la_semaine_exercices.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466161/; classtype:trojan-activity;sid:84329261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466162)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/90213521835.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466162/; classtype:trojan-activity;sid:84329262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466163)"; flow:established,from_client; content:"GET"; http_method; content:"/files/be69e044-ec27-4e10-ad05-ae8bfeb199d2/nisomirapexexumesuzoge.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466163/; classtype:trojan-activity;sid:84329263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"65.99.116.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466164/; classtype:trojan-activity;sid:84329264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.218.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466165/; classtype:trojan-activity;sid:84329265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466154)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/28725733968.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466154/; classtype:trojan-activity;sid:84329254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466155)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/a891c0_f91d06d6aa8649cbb9cf7058a07104c1.pdf"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"2cfcb734-ec62-4cd9-b61c-03d4762ad765.filesusr.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466155/; classtype:trojan-activity;sid:84329255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466156)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.bajys.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466156/; classtype:trojan-activity;sid:84329256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466157)"; flow:established,from_client; content:"GET"; http_method; content:"/file/97119ab0-9963-4860-823b-36fbc26a0e34/32366983904.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466157/; classtype:trojan-activity;sid:84329257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466158)"; flow:established,from_client; content:"GET"; http_method; content:"/files/921ae1f1-b3bd-4ca0-99e1-7d612824f61c/leading-minds-an-anatomy-of-leadership-847.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466158/; classtype:trojan-activity;sid:84329258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.92.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466159/; classtype:trojan-activity;sid:84329259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.250.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466160/; classtype:trojan-activity;sid:84329260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466149)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7aa15cc-b2d1-4fef-8a47-8d7810090a9c/downloads/jenuwegipujodunoj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466149/; classtype:trojan-activity;sid:84329249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466150)"; flow:established,from_client; content:"GET"; http_method; content:"/files/4efd2301-bbad-4b12-89f2-32ff17042dfb/61529633685.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466150/; classtype:trojan-activity;sid:84329250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466151)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/dowuvibatekijutajuvavu.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466151/; classtype:trojan-activity;sid:84329251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466152)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/14196656823.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466152/; classtype:trojan-activity;sid:84329252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466153)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/44a9091e-2134-47ec-8037-250483142ad3/downloads/kenmore_elite_665.12783_k311_service_manual.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466153/; classtype:trojan-activity;sid:84329253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.85.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466141/; classtype:trojan-activity;sid:84329241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.133.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466142/; classtype:trojan-activity;sid:84329242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466143)"; flow:established,from_client; content:"GET"; http_method; content:"/file/a15fdb8c-2fac-409a-a833-21fb6631f881/f1ad19f0-1008-42e0-a90d-1879a586b0ca.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466143/; classtype:trojan-activity;sid:84329243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466144)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/50362295282.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466144/; classtype:trojan-activity;sid:84329244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466145)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/navy_uic_code_list.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466145/; classtype:trojan-activity;sid:84329245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.133.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466146/; classtype:trojan-activity;sid:84329246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466147)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f2acd38-413e-47a5-ac42-d6305581bfab/downloads/logerafanekox.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466147/; classtype:trojan-activity;sid:84329247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466148)"; flow:established,from_client; content:"GET"; http_method; content:"/file/7c17fb01-80f9-4229-85f3-03dd25ce8846/a4de6290-35c7-4448-b038-3093f24490d3.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466148/; classtype:trojan-activity;sid:84329248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466140)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/zakojamoderuvovu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466140/; classtype:trojan-activity;sid:84329240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466133)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b2a026b5-555a-437c-867f-3969f62b48d7/downloads/successfactors_recruiting_implementation_guide.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466133/; classtype:trojan-activity;sid:84329233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466134)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/97474238027.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466134/; classtype:trojan-activity;sid:84329234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466135)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddcbbbab-f8a6-4067-a450-a2f971a66e79/downloads/daikin_ac_remote_control_guide.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466135/; classtype:trojan-activity;sid:84329235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.33.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466136/; classtype:trojan-activity;sid:84329236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466137)"; flow:established,from_client; content:"GET"; http_method; content:"/file/5f7540f0-a27d-494d-99be-219dbbd6456f/39f13485-d66d-4fdd-a561-4efc79653aca.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466137/; classtype:trojan-activity;sid:84329237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466138)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/lebuk.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466138/; classtype:trojan-activity;sid:84329238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466139)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/71642361311.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466139/; classtype:trojan-activity;sid:84329239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.63.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466126/; classtype:trojan-activity;sid:84329226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466127)"; flow:established,from_client; content:"GET"; http_method; content:"/file/88b7b01a-9ca1-4f70-8d12-1a10592d603e/7399717481.pdf"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466127/; classtype:trojan-activity;sid:84329227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466128)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kumujadirifokekikivexe.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466128/; classtype:trojan-activity;sid:84329228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466129)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/4626995/normal_600762ff18948.pdf"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"static.s123-cdn-static.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466129/; classtype:trojan-activity;sid:84329229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466130)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/2818265442.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466130/; classtype:trojan-activity;sid:84329230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466131/; classtype:trojan-activity;sid:84329231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466132)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e262bb3c-3205-4bb6-954b-f565479d59e0/downloads/examenes_psicometricos_pruebas_psicometricas_gratis_para_imp.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466132/; classtype:trojan-activity;sid:84329232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.40.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466118/; classtype:trojan-activity;sid:84329218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.188.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466119/; classtype:trojan-activity;sid:84329219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466120)"; flow:established,from_client; content:"GET"; http_method; content:"/file/696d5ab2-bbe4-4e27-8a1a-ffa3a4d51eae/76835426975.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466120/; classtype:trojan-activity;sid:84329220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.11.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466121/; classtype:trojan-activity;sid:84329221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466122)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4252a31f-7a57-4ac8-a31e-ee71b2361194/downloads/61162239689.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466122/; classtype:trojan-activity;sid:84329222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.122.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466123/; classtype:trojan-activity;sid:84329223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466124)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5918d6e0-0ac5-4b44-bc88-2343b35f9820/fitewukufotarewexax.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466124/; classtype:trojan-activity;sid:84329224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466125)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/43b3ecff-25d4-4371-99a8-6df485cf4fd5/downloads/amoeba_sisters_classification_worksheet.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466125/; classtype:trojan-activity;sid:84329225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466115)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/fundamentals_of_power_supply_design_book.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466115/; classtype:trojan-activity;sid:84329215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466116)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/her_yonuyle_modern_almanca_dursun_zengin.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466116/; classtype:trojan-activity;sid:84329216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466117)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/15938565950.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466117/; classtype:trojan-activity;sid:84329217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466107)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5271715-d4c2-447f-bd8c-804dbc17722c/downloads/experience_certificate_format_for_quality_control_engineer.pdf"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466107/; classtype:trojan-activity;sid:84329207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466108)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ea8f9b5c-8c7e-4275-ae88-5954987b8cb9/zonegiwifet.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466108/; classtype:trojan-activity;sid:84329208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466109)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1b7f80b5-fb34-497d-8072-447feb44da09/downloads/lewamagoromizesa.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466109/; classtype:trojan-activity;sid:84329209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466110)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/courier_declaration_format.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466110/; classtype:trojan-activity;sid:84329210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.89.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466111/; classtype:trojan-activity;sid:84329211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.137.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466112/; classtype:trojan-activity;sid:84329212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.171.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466113/; classtype:trojan-activity;sid:84329213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.30.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466114/; classtype:trojan-activity;sid:84329214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466104)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ruripumefenezalizaf.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466104/; classtype:trojan-activity;sid:84329204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.141.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466105/; classtype:trojan-activity;sid:84329205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.35.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466106/; classtype:trojan-activity;sid:84329206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466101)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/32a18e69-8d9d-488c-b50f-45023ca24343/downloads/87353354077.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466101/; classtype:trojan-activity;sid:84329201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466102)"; flow:established,from_client; content:"GET"; http_method; content:"/file/5a0f6625-747f-4936-a5c5-77441db5fdec/1053b7ed-66ef-4bfa-b20b-a3d9335b428e.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466102/; classtype:trojan-activity;sid:84329202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.58.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466103/; classtype:trojan-activity;sid:84329203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466091)"; flow:established,from_client; content:"GET"; http_method; content:"/file/77e61222-1473-42ca-bfff-ee425927299b/2ce1888e-4b1c-4833-ae4d-ec49f438c668.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466091/; classtype:trojan-activity;sid:84329191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466092)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/20305303180.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466092/; classtype:trojan-activity;sid:84329192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466093)"; flow:established,from_client; content:"GET"; http_method; content:"/file/58fdcb78-d4b6-4e35-b5f9-5d859c3b2a0e/xidopin.pdf"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466093/; classtype:trojan-activity;sid:84329193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466094)"; flow:established,from_client; content:"GET"; http_method; content:"/file/84afc9e0-a3f6-43ec-83ef-cbf64280e50b/f0766920-5a30-4933-835d-85b8e75b5187.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466094/; classtype:trojan-activity;sid:84329194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466095)"; flow:established,from_client; content:"GET"; http_method; content:"/files/039a8880-963f-4652-90c5-9c85fb46e446/dr._cindy_trimm_commanding_your_morning_prayer.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466095/; classtype:trojan-activity;sid:84329195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466096)"; flow:established,from_client; content:"GET"; http_method; content:"/first/setup52301.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"23.95.73.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466096/; classtype:trojan-activity;sid:84329196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466097)"; flow:established,from_client; content:"GET"; http_method; content:"/files/dda75d3b-5bc6-42b4-9ac8-d855b7714ea6/gowibifosapofapaze.pdf"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466097/; classtype:trojan-activity;sid:84329197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466098)"; flow:established,from_client; content:"GET"; http_method; content:"/file/0d87b55c-d585-490c-bf39-6541edebe6d3/lupomovaxoxekadedize.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466098/; classtype:trojan-activity;sid:84329198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466099)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/kutapodisub.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466099/; classtype:trojan-activity;sid:84329199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466100)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0919b7e4-2541-44dd-b945-9d5e6d22eaf1/downloads/xibegakibojonabawaz.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466100/; classtype:trojan-activity;sid:84329200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466080)"; flow:established,from_client; content:"GET"; http_method; content:"/file/f708222a-8db0-426a-b575-087a63f970dd/nupibadowepake.pdf"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466080/; classtype:trojan-activity;sid:84329180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466081)"; flow:established,from_client; content:"GET"; http_method; content:"/okami.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.200.78.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466081/; classtype:trojan-activity;sid:84329181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.254.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466082/; classtype:trojan-activity;sid:84329182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466083)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/doxuwiponubagexotabos.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466083/; classtype:trojan-activity;sid:84329183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466084)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/54308720858.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466084/; classtype:trojan-activity;sid:84329184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466085)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/gomanelakog.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466085/; classtype:trojan-activity;sid:84329185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466086)"; flow:established,from_client; content:"GET"; http_method; content:"/file/5b78967f-f80f-4ac2-9051-f9aa5de6e91a/41800141248.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466086/; classtype:trojan-activity;sid:84329186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466087)"; flow:established,from_client; content:"GET"; http_method; content:"/file/b8838b58-3958-4403-b214-41ebb1a9408c/83695038046.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466087/; classtype:trojan-activity;sid:84329187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466088)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20220120190836if_/https://uploads.strikinglycdn.com/files/b0540ac5-815e-4909-8298-84c9806edce8/9652748319.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466088/; classtype:trojan-activity;sid:84329188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466089)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/nx_nastran_element_library_reference_manual.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466089/; classtype:trojan-activity;sid:84329189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466090)"; flow:established,from_client; content:"GET"; http_method; content:"/files/9f8a4a6b-b9ba-463f-9ce4-589c8f314875/wujowe.pdf"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466090/; classtype:trojan-activity;sid:84329190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466074)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/collibra_expert_i_certification_answers_sheet_download_2017.pdf"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466074/; classtype:trojan-activity;sid:84329174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466075)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4ec11559-69c0-4903-84a6-3240babfcfe7/downloads/lapagikevipewijumodoru.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466075/; classtype:trojan-activity;sid:84329175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466076)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1bfc168f-d0df-43cb-a73e-d0c80e42fe5c/downloads/formulaire_virement_international_banque_postale.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466076/; classtype:trojan-activity;sid:84329176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466077)"; flow:established,from_client; content:"GET"; http_method; content:"/file/bf677244-b60a-41e7-b267-a5a0410ea232/30049515699.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466077/; classtype:trojan-activity;sid:84329177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466078)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/96273346643.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466078/; classtype:trojan-activity;sid:84329178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466079)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1feaf4a2-3a85-48bd-b975-ab8d5bcee640/downloads/30816276176.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466079/; classtype:trojan-activity;sid:84329179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466068)"; flow:established,from_client; content:"GET"; http_method; content:"/file/a202951c-004a-43c9-9db6-ba25b9caa16e/03616fd9-2e85-408e-8edc-b7bfc12a0013.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466068/; classtype:trojan-activity;sid:84329168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466069)"; flow:established,from_client; content:"GET"; http_method; content:"/file/a189f30c-930a-4ea6-a439-dc438c7e4b33/wegawazuguludon.pdf"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466069/; classtype:trojan-activity;sid:84329169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466070)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d8f5bd9b-2c75-4c1f-8d4d-84a7de1d3443/downloads/rent_brokerage_receipt_format_word.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466070/; classtype:trojan-activity;sid:84329170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466071)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8439ca10-a5ac-4299-aa09-54ab615a2090/downloads/bozagororaxurivir.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466071/; classtype:trojan-activity;sid:84329171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466072)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/54016191818.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466072/; classtype:trojan-activity;sid:84329172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466073)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f0d27cad-ce96-47a4-a6b6-d00149677212/downloads/87562723190.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466073/; classtype:trojan-activity;sid:84329173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466066)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/swot_analysis_for_poultry_farming.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466066/; classtype:trojan-activity;sid:84329166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466067)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/bosokoxa.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466067/; classtype:trojan-activity;sid:84329167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466063)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/69034861186.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466063/; classtype:trojan-activity;sid:84329163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466064)"; flow:established,from_client; content:"GET"; http_method; content:"/file/50771e30-1823-4700-9741-162e2900ba23/selopusezu.pdf"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466064/; classtype:trojan-activity;sid:84329164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466065)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/14962502915.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466065/; classtype:trojan-activity;sid:84329165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466060)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/42589334771.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466060/; classtype:trojan-activity;sid:84329160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.46.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466061/; classtype:trojan-activity;sid:84329161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466062)"; flow:established,from_client; content:"GET"; http_method; content:"/file/c19efaa3-eded-47d2-b406-546bac538d1f/d4d7fccd-dad3-4a68-ae15-06e40c2a7732.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466062/; classtype:trojan-activity;sid:84329162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466054)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/banksman_hand_signals.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466054/; classtype:trojan-activity;sid:84329154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466055)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6cdacb6d-7fbf-4d09-a986-56cdfa4edeb2/downloads/5985868832.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466055/; classtype:trojan-activity;sid:84329155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466056)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/voter_list_delhi_2018.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466056/; classtype:trojan-activity;sid:84329156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.250.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466057/; classtype:trojan-activity;sid:84329157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466058)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/99737319160.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466058/; classtype:trojan-activity;sid:84329158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466059)"; flow:established,from_client; content:"GET"; http_method; content:"/file/c4ab9183-42b7-49bb-b1fe-3854d5aa4740/bojigujisigenumemut.pdf"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466059/; classtype:trojan-activity;sid:84329159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466044)"; flow:established,from_client; content:"GET"; http_method; content:"/file/6a2fa336-9c9e-4864-beb0-ae253b1356ba/maxodeduruz.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466044/; classtype:trojan-activity;sid:84329144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466045)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1bfc168f-d0df-43cb-a73e-d0c80e42fe5c/downloads/71653623394.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466045/; classtype:trojan-activity;sid:84329145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466046)"; flow:established,from_client; content:"GET"; http_method; content:"/files/73df7115-5f6c-445b-99b2-c2693fa18a32/quantitative_equity_portfolio_management_modern_techniques_and_applications.pdf"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466046/; classtype:trojan-activity;sid:84329146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466047)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/testing_and_commissioning_of_electrical_equipment.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466047/; classtype:trojan-activity;sid:84329147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466048)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ffc09a0-c9a4-4762-8145-43798f2fda71/downloads/back_to_work_from_maternity_leave_email.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466048/; classtype:trojan-activity;sid:84329148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466049)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/xepaxijaniwitofoxipoja.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466049/; classtype:trojan-activity;sid:84329149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466050)"; flow:established,from_client; content:"GET"; http_method; content:"/file/7eef2ff8-49fe-4666-ac15-b2b2cb69a90c/42944581702.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466050/; classtype:trojan-activity;sid:84329150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466051)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de43da9e-bc77-4e56-a909-0e72ba746cf9/downloads/electricity_bill_name_change_noc_format.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466051/; classtype:trojan-activity;sid:84329151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466052)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ad58263-1b5c-4da7-bc4a-7b8f99e22218/downloads/formulaire_ordre_de_virement_banque_postale.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466052/; classtype:trojan-activity;sid:84329152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466053)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/76135669664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466053/; classtype:trojan-activity;sid:84329153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466038)"; flow:established,from_client; content:"GET"; http_method; content:"/file/fb5b44aa-c863-4edb-9f0f-aa0ed124e461/nolokufabeguzob.pdf"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466038/; classtype:trojan-activity;sid:84329138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466039)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/23ec0b56-0ae7-4e41-8565-08e517b0b386/downloads/gatamalepuberik.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466039/; classtype:trojan-activity;sid:84329139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466040)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/97106569323.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466040/; classtype:trojan-activity;sid:84329140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466041)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e3d230e-4918-4f4b-8a10-8ee933aabcaf/downloads/99772344048.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466041/; classtype:trojan-activity;sid:84329141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.190.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466042/; classtype:trojan-activity;sid:84329142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466043)"; flow:established,from_client; content:"GET"; http_method; content:"/file/3c0171f8-80e3-40c8-9cd7-49bb64e5d5b4/25176706059.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466043/; classtype:trojan-activity;sid:84329143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466035)"; flow:established,from_client; content:"GET"; http_method; content:"/file/4bb217a0-a331-4aa5-b634-5fb79dbd145f/842eda48-e08c-4aff-a34c-fbf3f675f420.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466035/; classtype:trojan-activity;sid:84329135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.115.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466036/; classtype:trojan-activity;sid:84329136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466037)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/wapurexep.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466037/; classtype:trojan-activity;sid:84329137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466029)"; flow:established,from_client; content:"GET"; http_method; content:"/profilelayout"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"whcms.greendreamcannabis.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466029/; classtype:trojan-activity;sid:84329129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.115.85.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466030/; classtype:trojan-activity;sid:84329130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.84.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466031/; classtype:trojan-activity;sid:84329131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466032)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/19668bf7-0111-4cbb-8050-06562ac08bba/downloads/steps_to_create_template_instance_in_tosca.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466032/; classtype:trojan-activity;sid:84329132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466033)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/bidoxefemoduxunirez.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466033/; classtype:trojan-activity;sid:84329133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466034)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/88817028453.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466034/; classtype:trojan-activity;sid:84329134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.165.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466026/; classtype:trojan-activity;sid:84329126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466027)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/job_work_challan_format_in_excel.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466027/; classtype:trojan-activity;sid:84329127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466028)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34794329-fa5b-49f8-8f60-fb0720b1e556/downloads/14476765670.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466028/; classtype:trojan-activity;sid:84329128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466015)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/resignation_letter_template_family_reasons.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466015/; classtype:trojan-activity;sid:84329115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466016)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8c16f145-4fc0-4af7-a4db-de4acd818fe4/downloads/14431999044.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466016/; classtype:trojan-activity;sid:84329116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466017)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/21303726077.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466017/; classtype:trojan-activity;sid:84329117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466018)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/minupawuferogu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466018/; classtype:trojan-activity;sid:84329118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466019)"; flow:established,from_client; content:"GET"; http_method; content:"/file/c232ec79-faa2-491b-b0f4-8945a944f79b/24425ba1-4f94-4236-adca-4e3332fad63b.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466019/; classtype:trojan-activity;sid:84329119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466020)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b071d266-376f-40c9-bb70-11ca77d8051b/downloads/36008974689.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466020/; classtype:trojan-activity;sid:84329120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466021)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/60919645191.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466021/; classtype:trojan-activity;sid:84329121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466022)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/424b0398-579a-4717-a17a-ffb972bf5819/downloads/audit_professional_clearance_letter_template.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466022/; classtype:trojan-activity;sid:84329122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466023)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/30072850819.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466023/; classtype:trojan-activity;sid:84329123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466024)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/75213021290.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466024/; classtype:trojan-activity;sid:84329124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466025)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/law-making_process_in_zimbabwe.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466025/; classtype:trojan-activity;sid:84329125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466010)"; flow:established,from_client; content:"GET"; http_method; content:"/file/f94d96a5-afb0-4b2a-a00b-d03816436fc4/suwaselimidu.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466010/; classtype:trojan-activity;sid:84329110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466011)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/363b8b8c-bdd6-4ad7-ac6c-ba65cd60171b/downloads/abaqus_user_subroutine_reference_guide.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466011/; classtype:trojan-activity;sid:84329111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.236.245.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466012/; classtype:trojan-activity;sid:84329112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466013/; classtype:trojan-activity;sid:84329113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466014)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/85845004614.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466014/; classtype:trojan-activity;sid:84329114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466005)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/genuwafazapibiwinowafal.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466005/; classtype:trojan-activity;sid:84329105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466006)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/20322886839.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466006/; classtype:trojan-activity;sid:84329106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.189.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466007/; classtype:trojan-activity;sid:84329107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466008)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/gagibipawuzepakan.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466008/; classtype:trojan-activity;sid:84329108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.189.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466009/; classtype:trojan-activity;sid:84329109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466001)"; flow:established,from_client; content:"GET"; http_method; content:"/file/e1d3b534-0802-4267-b904-b85c6fb2b941/65879773226.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466001/; classtype:trojan-activity;sid:84329101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466002)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/sample_authorization_letter_to_get_psa_marriage_certificate.pdf"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466002/; classtype:trojan-activity;sid:84329102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.82.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466003/; classtype:trojan-activity;sid:84329103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466004/; classtype:trojan-activity;sid:84329104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465993)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/8517821794.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465993/; classtype:trojan-activity;sid:84329093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465994)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/padanad.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465994/; classtype:trojan-activity;sid:84329094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465995)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9971747c-d991-46ae-b932-5ba73958e604/downloads/fojajexuretimototatoles.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465995/; classtype:trojan-activity;sid:84329095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465996)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mosodekasaxozebopajebibe.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465996/; classtype:trojan-activity;sid:84329096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465997)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6be9a470-c465-4776-ab76-53713c51537a/downloads/30164245456.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465997/; classtype:trojan-activity;sid:84329097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.232.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465998/; classtype:trojan-activity;sid:84329098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465999)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f264223f-22e7-47f1-947d-9e365a75e217/downloads/96358679127.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465999/; classtype:trojan-activity;sid:84329099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466000)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f65856df-6ee2-426f-901a-fbcb5106e767/downloads/22057173676.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466000/; classtype:trojan-activity;sid:84329100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.88.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465982/; classtype:trojan-activity;sid:84329082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465983)"; flow:established,from_client; content:"GET"; http_method; content:"/files/f3d4c299-4e78-44dd-9741-5149ea6651e7/how_to_use_ba_ii_plus_to_calculate_pv.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465983/; classtype:trojan-activity;sid:84329083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465984)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/butterfly_roof_construction_detail.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465984/; classtype:trojan-activity;sid:84329084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465985)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/baxejatoxenidomixidedax.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465985/; classtype:trojan-activity;sid:84329085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465986)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/17465496427.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465986/; classtype:trojan-activity;sid:84329086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"65.99.116.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465987/; classtype:trojan-activity;sid:84329087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.207.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465988/; classtype:trojan-activity;sid:84329088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465989)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/zabefenakozevopesomewazi.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465989/; classtype:trojan-activity;sid:84329089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465990)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48283c5b-b198-4860-9bf9-7f30a2f8146b/downloads/zoromipubadijivonexon.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465990/; classtype:trojan-activity;sid:84329090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465991)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8df58291-e0db-425a-9cda-a9882386ada6/downloads/jaladimurefasetuzukiwaxit.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465991/; classtype:trojan-activity;sid:84329091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465992)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/wofalobomosotanavuze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465992/; classtype:trojan-activity;sid:84329092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465979)"; flow:established,from_client; content:"GET"; http_method; content:"/file/5a64665c-92a5-43ae-b002-6a1f7b176b04/7301edc3-9ddd-4282-9a79-58cb81b38e35.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465979/; classtype:trojan-activity;sid:84329079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465980)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0d21a9d5-01df-4a9e-9327-883996b2f71d/downloads/ansi_electrical_symbols_standards.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465980/; classtype:trojan-activity;sid:84329080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.18.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465981/; classtype:trojan-activity;sid:84329081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465978)"; flow:established,from_client; content:"GET"; http_method; content:"/file/7ae13639-8b36-4ff0-869c-4bbe4b427cec/63360787968.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465978/; classtype:trojan-activity;sid:84329078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465974)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a435afa7-bc93-481f-8a35-ce503cc8a972/downloads/sri_rudram_namakam_chamakam_tamil.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465974/; classtype:trojan-activity;sid:84329074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465975)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/tumiwujuluxuwaxi.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465975/; classtype:trojan-activity;sid:84329075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465976)"; flow:established,from_client; content:"GET"; http_method; content:"/file/7666c146-3fe0-45de-8fd8-aa2472a496bc/bipofu.pdf"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465976/; classtype:trojan-activity;sid:84329076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465977)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/denutetoraditut.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465977/; classtype:trojan-activity;sid:84329077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465960)"; flow:established,from_client; content:"GET"; http_method; content:"/file/48ec6773-0ca1-469c-bc81-fe4c6871d6f8/088a8e87-7288-4d55-a7a0-b34063691249.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465960/; classtype:trojan-activity;sid:84329060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465961)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9569c183-65dc-4f14-a45e-e7944584cb65/downloads/bifidetogatovotuwideki.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465961/; classtype:trojan-activity;sid:84329061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465962)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/baroque_guitar_tab.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465962/; classtype:trojan-activity;sid:84329062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465963)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7f34267e-2563-449a-82e3-60f19988c45d/downloads/lic_jeevan_saral_plan_165_chart.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465963/; classtype:trojan-activity;sid:84329063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465964)"; flow:established,from_client; content:"GET"; http_method; content:"/file/fdc5ec2a-e989-4b2a-995a-d1aca0c8ce1d/powitogixuro.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465964/; classtype:trojan-activity;sid:84329064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465965)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/69187265192.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465965/; classtype:trojan-activity;sid:84329065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.73.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465966/; classtype:trojan-activity;sid:84329066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465967)"; flow:established,from_client; content:"GET"; http_method; content:"/files/947396e3-3b6f-4036-9e93-a22b61789187/pakirisomosit.pdf"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465967/; classtype:trojan-activity;sid:84329067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465968)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d551812a-3c47-48f1-bc1d-3ac42c3f246c/downloads/rigumudusogepivana.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465968/; classtype:trojan-activity;sid:84329068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465969)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/5528845131.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465969/; classtype:trojan-activity;sid:84329069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.249.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465970/; classtype:trojan-activity;sid:84329070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465971)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/74129229699.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465971/; classtype:trojan-activity;sid:84329071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465972)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/cancionero_catolico_jesed.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465972/; classtype:trojan-activity;sid:84329072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465973)"; flow:established,from_client; content:"GET"; http_method; content:"/keybinder.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.amako.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465973/; classtype:trojan-activity;sid:84329073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465956)"; flow:established,from_client; content:"GET"; http_method; content:"/file/6236ddf2-55e1-4db3-b509-657f9a2c5e34/16495883112.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465956/; classtype:trojan-activity;sid:84329056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465957)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a3b63b5-3e6a-48ac-8e49-14ed0037cbc4/downloads/historietas_del_medio_ambiente_largas.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465957/; classtype:trojan-activity;sid:84329057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465958)"; flow:established,from_client; content:"GET"; http_method; content:"/file/6829ac36-4fae-48fa-84e2-8d42d5405cdd/97539125887.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465958/; classtype:trojan-activity;sid:84329058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465959)"; flow:established,from_client; content:"GET"; http_method; content:"/files/b09bd8d4-b9ac-4e4a-8628-1b34c8e1eb37/67486044001.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465959/; classtype:trojan-activity;sid:84329059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.126.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465954/; classtype:trojan-activity;sid:84329054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465955)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/62049175170.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465955/; classtype:trojan-activity;sid:84329055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.147.40.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465948/; classtype:trojan-activity;sid:84329048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465949)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/10908647555.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465949/; classtype:trojan-activity;sid:84329049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.226.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465950/; classtype:trojan-activity;sid:84329050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465951)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/maxabamuxixotabevifutiw.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465951/; classtype:trojan-activity;sid:84329051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.249.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465952/; classtype:trojan-activity;sid:84329052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465953)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/downgrade_oracle_database_from_19c_to_11g.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465953/; classtype:trojan-activity;sid:84329053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465942)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ba9b549d-a804-4d13-a818-3c55b3524acd/downloads/75189909272.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465942/; classtype:trojan-activity;sid:84329042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.55.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465943/; classtype:trojan-activity;sid:84329043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.121.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465944/; classtype:trojan-activity;sid:84329044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465945)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/individual_development_plan_powerpoint_template.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465945/; classtype:trojan-activity;sid:84329045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465946)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/64954946228.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465946/; classtype:trojan-activity;sid:84329046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.62.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465947/; classtype:trojan-activity;sid:84329047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465939)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/bapozujipo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465939/; classtype:trojan-activity;sid:84329039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.188.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465940/; classtype:trojan-activity;sid:84329040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465941)"; flow:established,from_client; content:"GET"; http_method; content:"/file/6d52a51d-00f2-40ce-b056-04a3bcf6ccd4/jifipagusizidolimumufad.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465941/; classtype:trojan-activity;sid:84329041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465928)"; flow:established,from_client; content:"GET"; http_method; content:"/file/f5797f6a-d314-48c4-a36e-c4d0eae1670d/36300353241.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465928/; classtype:trojan-activity;sid:84329028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465929)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/wxpyyfnmkl6ehfi/linkin_park.mp3/file"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465929/; classtype:trojan-activity;sid:84329029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465930)"; flow:established,from_client; content:"GET"; http_method; content:"/file/b5bf0fe3-4b48-42b4-b9cd-9584c566ef9b/31182745172.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465930/; classtype:trojan-activity;sid:84329030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465931)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4872c6d8-aa46-4e32-b809-43d741337793/downloads/74841624584.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465931/; classtype:trojan-activity;sid:84329031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465932)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3a90d4c9-f215-49ec-8178-8e50febf5250/downloads/tedutogonisijetinikiw.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465932/; classtype:trojan-activity;sid:84329032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465933)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/wipofuta.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465933/; classtype:trojan-activity;sid:84329033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465934)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ef67effc-f587-4a00-b122-77d20be0c182/34286560467.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465934/; classtype:trojan-activity;sid:84329034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465935)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4cb1e8a7-0f1a-4c3a-ae4d-65ac09f78b80/downloads/fenekipejivatoxeni.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465935/; classtype:trojan-activity;sid:84329035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465936)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ba4240ca-2b60-4241-9f87-5ce413445490/d474edff-6a14-451f-a77e-523c80a03466.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465936/; classtype:trojan-activity;sid:84329036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465937)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/wolarodipuxusisug.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465937/; classtype:trojan-activity;sid:84329037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465938)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c3be0091-4534-4191-a72e-570acc745d3e/downloads/attestation_de_prise_en_charge_tlscontact.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465938/; classtype:trojan-activity;sid:84329038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465921)"; flow:established,from_client; content:"GET"; http_method; content:"/file/077493f0-71fc-411d-904c-6b1c44054a1d/9507bf1e-710a-4401-938a-3b48a4d2d8b1.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465921/; classtype:trojan-activity;sid:84329021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465922)"; flow:established,from_client; content:"GET"; http_method; content:"/file/f98c5ee6-beb0-43df-aa93-f8dbebb3044e/zatifewulalerevekupeberer.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465922/; classtype:trojan-activity;sid:84329022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.62.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465923/; classtype:trojan-activity;sid:84329023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465924)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa4295b9-8c98-4187-bbf8-91c9d7ce5f9e/downloads/89606848887.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465924/; classtype:trojan-activity;sid:84329024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465925)"; flow:established,from_client; content:"GET"; http_method; content:"/vre"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"uploadp2p.publicvm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465925/; classtype:trojan-activity;sid:84329025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465926)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/44d0963d-ba71-4620-abdb-e3c6631b392b/downloads/balance_confirmation_letter_format_in_word.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465926/; classtype:trojan-activity;sid:84329026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465927)"; flow:established,from_client; content:"GET"; http_method; content:"/file/77285a35-a935-4f1c-84be-1f043f392699/xedeponeb.pdf"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465927/; classtype:trojan-activity;sid:84329027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465912)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/rollo_tomassi_the_rational_male_turkce.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465912/; classtype:trojan-activity;sid:84329012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465913)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.140.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465913/; classtype:trojan-activity;sid:84329013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465914)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800bda9c-ed1b-45a1-a7d5-702e4e14f980/downloads/pmp_42_processes_chart.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465914/; classtype:trojan-activity;sid:84329014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465915)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/86917927693.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465915/; classtype:trojan-activity;sid:84329015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465916)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/methodologie_du_commentaire_compose_francais.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465916/; classtype:trojan-activity;sid:84329016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.2.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465917/; classtype:trojan-activity;sid:84329017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465918)"; flow:established,from_client; content:"GET"; http_method; content:"/okami.sparc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.200.78.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465918/; classtype:trojan-activity;sid:84329018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465919)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gauss_elimination_method_example_with_solution.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465919/; classtype:trojan-activity;sid:84329019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.87.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465920/; classtype:trojan-activity;sid:84329020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465910)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5f03ee03-a319-4a1e-a052-a99710c59365/downloads/bujulodipesotixugakujup.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465910/; classtype:trojan-activity;sid:84329010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465911)"; flow:established,from_client; content:"GET"; http_method; content:"/files/24d2fc10-d35f-4aaa-8373-4a71772e67b3/45684356504.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465911/; classtype:trojan-activity;sid:84329011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465906)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/hsbc_bank_statement.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465906/; classtype:trojan-activity;sid:84329006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.54.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465907/; classtype:trojan-activity;sid:84329007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.58.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465908/; classtype:trojan-activity;sid:84329008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465909)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/94e1955e-c7d2-4e11-a6ac-7a5ec652d6cd/downloads/suzuki_dt4_owners_manual.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465909/; classtype:trojan-activity;sid:84329009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.21.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465901/; classtype:trojan-activity;sid:84329001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465902)"; flow:established,from_client; content:"GET"; http_method; content:"/files/ae808637-cda1-4aca-a1ba-fe98a2f5bda8/tecknet_x366_keyboard_manual.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465902/; classtype:trojan-activity;sid:84329002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465903)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8f5eeb54-04ec-4a30-bb55-41e413d1f3ed/downloads/open_pit_mine_planning_and_design.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465903/; classtype:trojan-activity;sid:84329003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465904)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ceb9a026-f6c4-4e26-a968-d8e0e8d06aaa/downloads/tevedowopalugafaxoro.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465904/; classtype:trojan-activity;sid:84329004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465905)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/adb32098-1c7a-4519-9e53-ced990fc5d88/downloads/kuniwuzujujurejovewo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465905/; classtype:trojan-activity;sid:84329005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465899)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ed4af39d-06bc-489a-acf9-f9ea1a20c627/16576214330.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465899/; classtype:trojan-activity;sid:84328999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465900)"; flow:established,from_client; content:"GET"; http_method; content:"/file/8fc34c2c-4e9e-4207-b8f1-91e39bfa5104/posiputusudixomi.pdf"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465900/; classtype:trojan-activity;sid:84329000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.119.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465895/; classtype:trojan-activity;sid:84328995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465896)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/76236294804.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465896/; classtype:trojan-activity;sid:84328996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465897)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ab86f22-a419-4e4f-91d4-5a654823f744/downloads/pamolitix.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465897/; classtype:trojan-activity;sid:84328997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465898)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/42508658220.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465898/; classtype:trojan-activity;sid:84328998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.147.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465884/; classtype:trojan-activity;sid:84328984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465885)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sotax_at_xtend_user_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465885/; classtype:trojan-activity;sid:84328985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465886)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5d8bfe2e-b91e-431f-9bdc-3f0ea97e388e/downloads/wovivesapo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465886/; classtype:trojan-activity;sid:84328986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.89.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465887/; classtype:trojan-activity;sid:84328987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465888)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/sample_consent_letter_from_husband_for_wife_to_travel.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465888/; classtype:trojan-activity;sid:84328988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465889)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/formulaire_renouvellement_titre_de_sejour_yvelines.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465889/; classtype:trojan-activity;sid:84328989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.226.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465890/; classtype:trojan-activity;sid:84328990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465891)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/71d9f42f-0bad-4406-8a48-95c698e57e68/downloads/98599689697.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465891/; classtype:trojan-activity;sid:84328991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465892)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/92007305293.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465892/; classtype:trojan-activity;sid:84328992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465893)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/duff_phelps_size_premium.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465893/; classtype:trojan-activity;sid:84328993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465894)"; flow:established,from_client; content:"GET"; http_method; content:"/nvitpj"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.194.157.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465894/; classtype:trojan-activity;sid:84328994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465881)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9213334f-b8c6-41b2-903d-dc8cc5791a0a/downloads/49429599069.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465881/; classtype:trojan-activity;sid:84328981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465882)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/22187922858.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465882/; classtype:trojan-activity;sid:84328982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.105.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465883/; classtype:trojan-activity;sid:84328983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465876)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5e97205-d745-471d-94c2-4bc94f943a29/downloads/nafexasu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465876/; classtype:trojan-activity;sid:84328976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.16.139"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465877/; classtype:trojan-activity;sid:84328977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465878)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/99401481523.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465878/; classtype:trojan-activity;sid:84328978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465879)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/harry_potter_ea_camara_secreta_ilustrado.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465879/; classtype:trojan-activity;sid:84328979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465880)"; flow:established,from_client; content:"GET"; http_method; content:"/files/be105007-f6bc-402d-b064-4800c83d12d5/users_by_complex_selection_criteria_tcode.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465880/; classtype:trojan-activity;sid:84328980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465869)"; flow:established,from_client; content:"GET"; http_method; content:"/files/f6f37057-f6bd-452a-945a-30e4b2a99b87/de-zeven-zussen-5-maan-76.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465869/; classtype:trojan-activity;sid:84328969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465870)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/all_gujarati_magazine.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465870/; classtype:trojan-activity;sid:84328970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465871)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/34103705134.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465871/; classtype:trojan-activity;sid:84328971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465872)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9a32841c-0d54-4ad0-8acd-a5b15c41cae1/downloads/nagpur_metro_phase_2_dpr.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465872/; classtype:trojan-activity;sid:84328972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465873)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/99406712648.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465873/; classtype:trojan-activity;sid:84328973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465874)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96d7062c-715f-4c9e-82c2-ac322bf04d1a/downloads/fawafep.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465874/; classtype:trojan-activity;sid:84328974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465875)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51e053ea-8122-46e3-bee6-6c00a935619c/downloads/28185631859.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465875/; classtype:trojan-activity;sid:84328975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465865)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/renamotoxuxesike.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465865/; classtype:trojan-activity;sid:84328965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465866)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/wixutazavadupiruzani.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465866/; classtype:trojan-activity;sid:84328966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.84.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465867/; classtype:trojan-activity;sid:84328967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465868)"; flow:established,from_client; content:"GET"; http_method; content:"/file/fe5e8c3e-ff3d-4bff-b834-46e4b8b2ad10/65d6f452-9b65-473c-b468-0ea3ecc446ad.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465868/; classtype:trojan-activity;sid:84328968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465858)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5a86bea0-f065-4ac9-bf28-ffc3894abf67/wagaresakasumivibo.pdf"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465858/; classtype:trojan-activity;sid:84328958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.72.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465859/; classtype:trojan-activity;sid:84328959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465860)"; flow:established,from_client; content:"GET"; http_method; content:"/files/f485d008-72f4-42be-8696-5b49fe1c03f9/60863703641.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465860/; classtype:trojan-activity;sid:84328960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465861)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2ff0f586-9c75-4fa3-91b3-3b0ec7f7dfb6/89519372199.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465861/; classtype:trojan-activity;sid:84328961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465862)"; flow:established,from_client; content:"GET"; http_method; content:"/file/38372c87-12fb-4b29-8575-285acd69f5cc/ludafadixudabuvi.pdf"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465862/; classtype:trojan-activity;sid:84328962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465863)"; flow:established,from_client; content:"GET"; http_method; content:"/file/2dea44ae-938d-4b0a-9401-71c104634ec7/50381954101.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465863/; classtype:trojan-activity;sid:84328963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465864)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/vixodamev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465864/; classtype:trojan-activity;sid:84328964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465851)"; flow:established,from_client; content:"GET"; http_method; content:"/file/00a7fc60-9566-4b14-afb1-5a88fedeb4ac/nexinifuvapajow.pdf"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465851/; classtype:trojan-activity;sid:84328951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465852)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pulse_secure_network_error_1329.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465852/; classtype:trojan-activity;sid:84328952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465853)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8fc62093-f93e-447d-8e21-b1e235f4d9cc/downloads/cibse_psychrometric_chart.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465853/; classtype:trojan-activity;sid:84328953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.118.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465854/; classtype:trojan-activity;sid:84328954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.217.43.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465855/; classtype:trojan-activity;sid:84328955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465856)"; flow:established,from_client; content:"GET"; http_method; content:"/files/ae83aca4-7d05-4671-8c30-796924cc0ba7/nsx_reference_design_guide_3.0.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465856/; classtype:trojan-activity;sid:84328956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465857)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/citrix_adc_vpx_datasheet.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465857/; classtype:trojan-activity;sid:84328957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465847)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cac64821-2205-4248-abd9-55e775312c94/downloads/rosigamosusen.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465847/; classtype:trojan-activity;sid:84328947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465848)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/fosofiboma.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465848/; classtype:trojan-activity;sid:84328948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.143.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465849/; classtype:trojan-activity;sid:84328949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465850)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/600b6853-9b14-40c4-b9d1-c0a10f9ad1eb/downloads/mathematics_core_topics_sl.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465850/; classtype:trojan-activity;sid:84328950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465842)"; flow:established,from_client; content:"GET"; http_method; content:"/file/39744bf6-cbe1-4898-ba3d-51129467b808/99667753615.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465842/; classtype:trojan-activity;sid:84328942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465843)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6e0acf5f-e652-447e-8a3a-90dcb81c48ee/downloads/loan_cancellation_letter.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465843/; classtype:trojan-activity;sid:84328943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465844)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98fd26ea-5c50-4ebf-945e-7ed158ebe1b6/downloads/workplace_printable_hurt_feelings_report.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465844/; classtype:trojan-activity;sid:84328944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465845)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zalekebi.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465845/; classtype:trojan-activity;sid:84328945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465846)"; flow:established,from_client; content:"GET"; http_method; content:"/file/952e3142-2eed-47f9-b1a0-1d30b796a76e/gebugomafibodesa.pdf"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465846/; classtype:trojan-activity;sid:84328946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465833)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/58616986475.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465833/; classtype:trojan-activity;sid:84328933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465834)"; flow:established,from_client; content:"GET"; http_method; content:"/files/3a4c3607-7524-4d5b-8a9b-1ab91c6dfb07/7954288731.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465834/; classtype:trojan-activity;sid:84328934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465835)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/one_of_us_is_lying_character_quotes.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465835/; classtype:trojan-activity;sid:84328935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.13.248.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465836/; classtype:trojan-activity;sid:84328936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465837)"; flow:established,from_client; content:"GET"; http_method; content:"/files/c1235d87-d41a-4db9-aad4-9f9317619c1b/54674123799.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465837/; classtype:trojan-activity;sid:84328937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.214.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465838/; classtype:trojan-activity;sid:84328938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465839)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0e65d320-97ed-47cb-9ca0-bcd7400824c9/downloads/jewuzikilodejosowar.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465839/; classtype:trojan-activity;sid:84328939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465840)"; flow:established,from_client; content:"GET"; http_method; content:"/file/cf1daf3c-d37b-4a8a-bdca-b630b87efb3f/04ed2e7e-9962-4dcb-828c-b733fbb355bf.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465840/; classtype:trojan-activity;sid:84328940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.133.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465841/; classtype:trojan-activity;sid:84328941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465824)"; flow:established,from_client; content:"GET"; http_method; content:"/file/117e343b-6100-4337-a7fd-a2313f0a773a/marirulojesakolib.pdf"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465824/; classtype:trojan-activity;sid:84328924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465825)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72fc6eb8-20de-4439-bced-6bfc7eecaa8e/downloads/bogev.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465825/; classtype:trojan-activity;sid:84328925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465826)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/58b13a51-176b-4b7e-ab1e-a0c84e7a5487/downloads/currency_market_mechanics_bmc_answers.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465826/; classtype:trojan-activity;sid:84328926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465827)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/018aefd4-3541-4598-a5c3-d0911ca60a82/downloads/asce_7-05_espanol_gratis.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465827/; classtype:trojan-activity;sid:84328927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465828)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tifunakarexefeguwitoda.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465828/; classtype:trojan-activity;sid:84328928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465829)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06a2cc2e-f4bb-4ca4-a0d9-71e2fc8b7812/downloads/molaxoxekex.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465829/; classtype:trojan-activity;sid:84328929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465830)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/iata_airport_handling_manual_2019_full.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465830/; classtype:trojan-activity;sid:84328930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465831)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c1bf3ae2-f6cc-4078-b639-2ff1ca0b62be/downloads/1172286111.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465831/; classtype:trojan-activity;sid:84328931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465832)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/euchre_score_sheets_for_16_players.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465832/; classtype:trojan-activity;sid:84328932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465820)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dungeon_crawl_classics.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465820/; classtype:trojan-activity;sid:84328920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.42.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465821/; classtype:trojan-activity;sid:84328921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465822)"; flow:established,from_client; content:"GET"; http_method; content:"/file/cf517a3d-cc06-4931-a821-c5f06943ad30/jamimoxujozupegiparop.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465822/; classtype:trojan-activity;sid:84328922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.238.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465823/; classtype:trojan-activity;sid:84328923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465816)"; flow:established,from_client; content:"GET"; http_method; content:"/files/66ce7235-7e99-4bfb-8d06-de7c8a1f6671/46122712470.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465816/; classtype:trojan-activity;sid:84328916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.26.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465817/; classtype:trojan-activity;sid:84328917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465818)"; flow:established,from_client; content:"GET"; http_method; content:"/file/813db75f-716d-4ec2-87f9-f315e0c01fc8/fokotabowisukinopufasafu.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465818/; classtype:trojan-activity;sid:84328918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.223.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465819/; classtype:trojan-activity;sid:84328919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.246.116.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465803/; classtype:trojan-activity;sid:84328903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465804)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/69904656893.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465804/; classtype:trojan-activity;sid:84328904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.127.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465805/; classtype:trojan-activity;sid:84328905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465806)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/emmaus_walk_letters_of_encouragement.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465806/; classtype:trojan-activity;sid:84328906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465807)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ba076da4-e485-4c2a-b04b-6500a3d2a533/43032007816.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465807/; classtype:trojan-activity;sid:84328907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.226.171.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465808/; classtype:trojan-activity;sid:84328908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465809)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fc635392-61de-40bc-86f0-c9844fcf30fd/downloads/gramatica_portugues_brasil.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465809/; classtype:trojan-activity;sid:84328909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465810)"; flow:established,from_client; content:"GET"; http_method; content:"/file/913913b6-24c9-491e-b431-4621ac72d48a/xokebawegejixebele.pdf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465810/; classtype:trojan-activity;sid:84328910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465811)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20231202090504if_/https://img1.wsimg.com/blobby/go/26fc9bcf-ab3e-485a-9229-f4b5ff23d9d8/downloads/55556666332.pdf"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465811/; classtype:trojan-activity;sid:84328911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465812)"; flow:established,from_client; content:"GET"; http_method; content:"/file/bbda5ba4-8eb2-4e17-8249-86603caf8c11/76521599745.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465812/; classtype:trojan-activity;sid:84328912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465813)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.65.26.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465813/; classtype:trojan-activity;sid:84328913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465814)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/647bfca3-c5f6-48a0-9ec3-35afde17c6e3/downloads/gamokul.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465814/; classtype:trojan-activity;sid:84328914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465815)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa284320-69aa-45db-92e2-86468d4beaf0/downloads/53174458267.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465815/; classtype:trojan-activity;sid:84328915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465795)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/nike_employee_benefits.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465795/; classtype:trojan-activity;sid:84328895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465796)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a6598ea2-e266-47e1-ba10-b9552e811b79/downloads/baxubomatuwipuzaxutako.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465796/; classtype:trojan-activity;sid:84328896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465797)"; flow:established,from_client; content:"GET"; http_method; content:"/file/574968fa-554d-4b2f-8f72-cfa296d82ffd/wajerej.pdf"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465797/; classtype:trojan-activity;sid:84328897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465798)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/97767745983.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465798/; classtype:trojan-activity;sid:84328898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465799)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/country_of_origin_letter_template.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465799/; classtype:trojan-activity;sid:84328899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.79.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465800/; classtype:trojan-activity;sid:84328900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465801)"; flow:established,from_client; content:"GET"; http_method; content:"/file/93d02b68-7ea7-45c5-ab61-6a32b35ac9b7/28f057b6-792d-4c92-a276-72fa3ec9c0a6.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465801/; classtype:trojan-activity;sid:84328901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465802)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/39834772333.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465802/; classtype:trojan-activity;sid:84328902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.217.43.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465793/; classtype:trojan-activity;sid:84328893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.105.144.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465794/; classtype:trojan-activity;sid:84328894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465789)"; flow:established,from_client; content:"GET"; http_method; content:"/file/5f8424df-49b5-4bff-83f2-d6208e12f2bf/2e47616b-68ae-4d4e-867d-3cb30df3bc4c.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465789/; classtype:trojan-activity;sid:84328889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465790)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rofaruzev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465790/; classtype:trojan-activity;sid:84328890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465791)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/verismo_701_service_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465791/; classtype:trojan-activity;sid:84328891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465792)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rodudiniruzawame.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465792/; classtype:trojan-activity;sid:84328892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465783)"; flow:established,from_client; content:"GET"; http_method; content:"/file/e75d1f9a-9bd5-4660-850f-cbaa81a86149/dijab.pdf"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465783/; classtype:trojan-activity;sid:84328883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.227.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465784/; classtype:trojan-activity;sid:84328884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465785)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3c8f7a45-f68c-4369-8f63-be6429599400/downloads/butulanimirovubeve.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465785/; classtype:trojan-activity;sid:84328885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465786)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c725aa89-ce3b-4b0b-861e-e7c40702153d/downloads/gisewonivikamadoliwozuv.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465786/; classtype:trojan-activity;sid:84328886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465787)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d1335ae9-6401-4997-a89d-ffce5d766eb7/downloads/44332900662.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465787/; classtype:trojan-activity;sid:84328887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.104.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465788/; classtype:trojan-activity;sid:84328888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465779)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/nagano_keiki_km10.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465779/; classtype:trojan-activity;sid:84328879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465780)"; flow:established,from_client; content:"GET"; http_method; content:"/first/setup52301.ms"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"625348.na2.to"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465780/; classtype:trojan-activity;sid:84328880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465781)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/76488986948.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465781/; classtype:trojan-activity;sid:84328881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465782)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ac62f849-5623-435a-93ad-86e4d8edc83e/downloads/90625111849.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465782/; classtype:trojan-activity;sid:84328882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465772)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/72445144906.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465772/; classtype:trojan-activity;sid:84328872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465773)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0e65d320-97ed-47cb-9ca0-bcd7400824c9/downloads/wrightbus_streetlite_manual.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465773/; classtype:trojan-activity;sid:84328873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465774)"; flow:established,from_client; content:"GET"; http_method; content:"/file/748d8549-2f79-4704-98ed-b918dbfa9fbb/c7d956a7-1124-46dc-9de7-4404c235f003.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465774/; classtype:trojan-activity;sid:84328874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465775)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2096fca9-60e5-4099-9bad-b1fa87ba1a09/vagumugazasiwagevubuwis.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465775/; classtype:trojan-activity;sid:84328875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465776)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/waste_management_in_dubai.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465776/; classtype:trojan-activity;sid:84328876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465777)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/chevening_scholarship_reference_letter_sample.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465777/; classtype:trojan-activity;sid:84328877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465778)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/14409296375.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465778/; classtype:trojan-activity;sid:84328878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465766)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d128fcda-7fcc-4d89-85b3-e79c54d4414e/downloads/unit_conversion_practice_problems.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465766/; classtype:trojan-activity;sid:84328866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465767)"; flow:established,from_client; content:"GET"; http_method; content:"/files/00bc6882-5cba-4d90-9574-b8329dabca40/49879913257.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465767/; classtype:trojan-activity;sid:84328867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465768)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/11197801286.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465768/; classtype:trojan-activity;sid:84328868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465769)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50ab7773-f1d2-4be6-a8e2-1065b2477787/downloads/41229957036.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465769/; classtype:trojan-activity;sid:84328869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.32.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465770/; classtype:trojan-activity;sid:84328870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465771)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/950f7924-fa6b-44be-bda3-22eaf526f43f/downloads/konujidav.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465771/; classtype:trojan-activity;sid:84328871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.182.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465759/; classtype:trojan-activity;sid:84328859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465760)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/burijuterapudupelirebi.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465760/; classtype:trojan-activity;sid:84328860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465761)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a85f54ee-11f7-4ab3-9970-dabd8f52d583/downloads/vowivovabafases.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465761/; classtype:trojan-activity;sid:84328861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465762)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/acb19439-02ad-48ae-a6e4-8c3bfce04694/downloads/32470708569.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465762/; classtype:trojan-activity;sid:84328862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465763)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/xikesoxabafubuwepof.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465763/; classtype:trojan-activity;sid:84328863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465764)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/2251478862.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465764/; classtype:trojan-activity;sid:84328864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465765)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9d0d7648-4006-4e9a-bf4e-cd4f5c534844/downloads/socomec_ups_service_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465765/; classtype:trojan-activity;sid:84328865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465757)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/6098867423.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465757/; classtype:trojan-activity;sid:84328857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465758)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b383d2d-2b5a-4b4f-949f-124c21f71183/downloads/how_to_write_an_introduction_letter_to_an_embassy.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465758/; classtype:trojan-activity;sid:84328858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465754)"; flow:established,from_client; content:"GET"; http_method; content:"/files/39884574-ca69-48b1-9b70-8b44d15c60da/mathematical_statistics_with_applications_7th_ed._wackerly_mendenhall_and_scheaffer_duxbury.pdf"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465754/; classtype:trojan-activity;sid:84328854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465755)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/38265042738.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465755/; classtype:trojan-activity;sid:84328855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.137.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465756/; classtype:trojan-activity;sid:84328856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465747)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/183feb73-c001-4172-a9c4-8aedcbb9c085/downloads/nosasasoxanuxoxazefuz.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465747/; classtype:trojan-activity;sid:84328847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465748)"; flow:established,from_client; content:"GET"; http_method; content:"/files/20548e32-6b43-41e7-8366-03bd0c93062f/bajivuwigudopunusaje.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465748/; classtype:trojan-activity;sid:84328848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465749)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gibekewelodi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465749/; classtype:trojan-activity;sid:84328849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465750)"; flow:established,from_client; content:"GET"; http_method; content:"/file/7c64f996-d0ef-4b27-bf41-3cf52245ddc0/rirono.pdf"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465750/; classtype:trojan-activity;sid:84328850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465751)"; flow:established,from_client; content:"GET"; http_method; content:"/ajoomk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.194.157.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465751/; classtype:trojan-activity;sid:84328851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465752)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/16395777837.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465752/; classtype:trojan-activity;sid:84328852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465753)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/jspdf_autotable_x_position.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465753/; classtype:trojan-activity;sid:84328853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465738)"; flow:established,from_client; content:"GET"; http_method; content:"/file/d414f139-10ca-46a4-9926-50fd7df6928c/66d271ae-a7e4-4f66-82a9-4bbafe91496f.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465738/; classtype:trojan-activity;sid:84328838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465739)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0b0ee5f-47ab-407d-8f2e-b86a71eb1b80/downloads/cerere_demisie_fara_preaviz.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465739/; classtype:trojan-activity;sid:84328839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465740)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0fde6049-38a2-402e-8604-5a56fc977486/downloads/request_letter_for_construction_bond_refund.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465740/; classtype:trojan-activity;sid:84328840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465741)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdd5ea6e-1f6b-4417-9fad-928f6d1c8a68/downloads/50_verbes_irreguliers_en_anglais.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465741/; classtype:trojan-activity;sid:84328841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465742)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a69ed85-566a-4d22-8bd3-47a8a314b3bf/downloads/molecular_mass_of_elements_list.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465742/; classtype:trojan-activity;sid:84328842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.204.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465743/; classtype:trojan-activity;sid:84328843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465744)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/69278806631.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465744/; classtype:trojan-activity;sid:84328844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.178.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465745/; classtype:trojan-activity;sid:84328845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465746)"; flow:established,from_client; content:"GET"; http_method; content:"/file/5a64c4cd-df76-4ed0-8df6-1d12dd74dc67/20759734672.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465746/; classtype:trojan-activity;sid:84328846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465735)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/nonisenokedevesuxumuk.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465735/; classtype:trojan-activity;sid:84328835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465736)"; flow:established,from_client; content:"GET"; http_method; content:"/file/febd7372-2ad9-4962-96fa-f40e54e3ca1b/kapaxepixiremosamojopedol.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465736/; classtype:trojan-activity;sid:84328836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465737)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/528f7e56-16b3-4527-bc22-02b6d7954666/downloads/xomomixomasupadimamowaw.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465737/; classtype:trojan-activity;sid:84328837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465729)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/mesoduwegotujowokikurixo.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465729/; classtype:trojan-activity;sid:84328829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.2.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465730/; classtype:trojan-activity;sid:84328830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465731)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b383d2d-2b5a-4b4f-949f-124c21f71183/downloads/how_to_fill_up_deed_of_sale_of_motor_vehicle.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465731/; classtype:trojan-activity;sid:84328831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.3.111"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465732/; classtype:trojan-activity;sid:84328832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.203.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465733/; classtype:trojan-activity;sid:84328833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.133.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465734/; classtype:trojan-activity;sid:84328834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465724)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/33d2c907-2bf6-4426-875f-30dcfdd2ea6c/downloads/takeshi_amemiya_advanced_econometrics.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465724/; classtype:trojan-activity;sid:84328824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465725)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/paxakuvenu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465725/; classtype:trojan-activity;sid:84328825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.22.160.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465726/; classtype:trojan-activity;sid:84328826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.153.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465727/; classtype:trojan-activity;sid:84328827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465728/; classtype:trojan-activity;sid:84328828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465715)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51d0d552-51a2-4187-835e-597cbad426c9/downloads/astm_e2500.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465715/; classtype:trojan-activity;sid:84328815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465716)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/16407212514.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465716/; classtype:trojan-activity;sid:84328816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465717)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2215a6c-0436-4d82-8033-c5d079398259/downloads/mewivisonixapolivifit.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465717/; classtype:trojan-activity;sid:84328817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465718)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5778216d-14df-4dd7-ac4c-aefbb7c07c24/downloads/kugaduvekujewotaz.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465718/; classtype:trojan-activity;sid:84328818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465719)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tafanavevimewom.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465719/; classtype:trojan-activity;sid:84328819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465720)"; flow:established,from_client; content:"GET"; http_method; content:"/file/22a64133-b9e7-412c-8017-1710cf7818a4/10766395331.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465720/; classtype:trojan-activity;sid:84328820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465721)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lemowegigusazisalelupo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465721/; classtype:trojan-activity;sid:84328821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465722)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5add4dbc-ec7d-4010-9077-0d95eef82ba1/downloads/64293794102.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465722/; classtype:trojan-activity;sid:84328822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465723)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a7c970be-6487-407b-ae67-0318aa6bed96/downloads/19932307165.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465723/; classtype:trojan-activity;sid:84328823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465709)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/lowasa.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465709/; classtype:trojan-activity;sid:84328809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465710)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8014aeaa-17b8-4bcd-a9d7-094ad1ff7644/downloads/19999334835.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465710/; classtype:trojan-activity;sid:84328810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465711)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/921a43a6-1495-4d95-bdb1-69b79162b826/downloads/13397059696.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465711/; classtype:trojan-activity;sid:84328811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465712)"; flow:established,from_client; content:"GET"; http_method; content:"/file/601f6aa4-e385-4b44-a6d9-6098705e00fb/sakogodasexabegesogo.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465712/; classtype:trojan-activity;sid:84328812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.52.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465713/; classtype:trojan-activity;sid:84328813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465714)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b3cb2fd2-80cf-4497-9966-46f7699e136d/downloads/kovajive.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465714/; classtype:trojan-activity;sid:84328814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465706)"; flow:established,from_client; content:"GET"; http_method; content:"/file/abf91c61-fc7a-4e87-94e1-147393592f23/7853948665.pdf"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465706/; classtype:trojan-activity;sid:84328806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465707)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/49bbfdeb-576f-4f20-b756-96ff9c705013/downloads/96422280236.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465707/; classtype:trojan-activity;sid:84328807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465708)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/imo_dangerous_goods_declaration_example.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465708/; classtype:trojan-activity;sid:84328808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465703)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/88847399269.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465703/; classtype:trojan-activity;sid:84328803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465704)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdb9e382-acbe-48dd-9722-c531572d81a1/downloads/pugalisamelifakebage.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465704/; classtype:trojan-activity;sid:84328804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465705)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/arm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.125.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465705/; classtype:trojan-activity;sid:84328805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.49.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465696/; classtype:trojan-activity;sid:84328796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465697)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/89463890604.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465697/; classtype:trojan-activity;sid:84328797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465698)"; flow:established,from_client; content:"GET"; http_method; content:"/file/8c27c057-779f-43b4-85d0-81f6a03471ef/vagimupagonagadikot.pdf"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465698/; classtype:trojan-activity;sid:84328798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465699)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/lotumajufinunixine.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465699/; classtype:trojan-activity;sid:84328799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465701)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d9951c46-77aa-4ac5-b843-be02d4be2067/downloads/50826134191.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465701/; classtype:trojan-activity;sid:84328801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465702)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kasupobuwomubafujos.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465702/; classtype:trojan-activity;sid:84328802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465688)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20230531145313if_/http://img1.wsimg.com/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zalekebi.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465688/; classtype:trojan-activity;sid:84328788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.73.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465689/; classtype:trojan-activity;sid:84328789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.102.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465690/; classtype:trojan-activity;sid:84328790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465691)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/jotepebuzixulelomizo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465691/; classtype:trojan-activity;sid:84328791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465692)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e51c42a2-48a1-43ea-b124-a034de3679a6/downloads/83320615193.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465692/; classtype:trojan-activity;sid:84328792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465693)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78c14b69-39ed-4d94-8d63-a7b29776e43c/downloads/radix_temperature_controller_x_48_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465693/; classtype:trojan-activity;sid:84328793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465694)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/24a9af23-a9c8-45b6-80f8-335651f17510/downloads/96094090900.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465694/; classtype:trojan-activity;sid:84328794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465695)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/22a15b49-22b8-4edf-a855-4e76194b4aaf/downloads/97812412729.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465695/; classtype:trojan-activity;sid:84328795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465684)"; flow:established,from_client; content:"GET"; http_method; content:"/file/b94a02fb-5509-4ef4-a703-c9018dffb625/bobasadajim.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465684/; classtype:trojan-activity;sid:84328784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465685)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/lizaputasu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465685/; classtype:trojan-activity;sid:84328785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465686)"; flow:established,from_client; content:"GET"; http_method; content:"/file/aaa52871-9cac-4d78-8e77-9fbcdcdccd3a/21799623392.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465686/; classtype:trojan-activity;sid:84328786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.48.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465687/; classtype:trojan-activity;sid:84328787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465679)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/boxikijefedajexufesibul.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465679/; classtype:trojan-activity;sid:84328779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465680)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/11012613986.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465680/; classtype:trojan-activity;sid:84328780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.161.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465681/; classtype:trojan-activity;sid:84328781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465682)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/bucharest_grill_nutrition_information.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465682/; classtype:trojan-activity;sid:84328782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465683)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3844a76d-a274-4a3a-ad7f-2943a29e37b3/downloads/lezopidigusaraten.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465683/; classtype:trojan-activity;sid:84328783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465674)"; flow:established,from_client; content:"GET"; http_method; content:"/file/26af2334-7171-4e90-864b-4c3746258e75/jeluzerixazitixex.pdf"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465674/; classtype:trojan-activity;sid:84328774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465675)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e9dc005a-39e6-474d-bf2f-ef67b812a261/downloads/guia_para_ingresar_al_bachillerato_conamat.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465675/; classtype:trojan-activity;sid:84328775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465676)"; flow:established,from_client; content:"GET"; http_method; content:"/file/c05749dd-9847-4970-8ce0-7613c7e61d4d/xixojuzonewazurepewaje.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465676/; classtype:trojan-activity;sid:84328776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465677)"; flow:established,from_client; content:"GET"; http_method; content:"/file/a7009921-67a0-44a9-bb5d-df5efe86e32d/bekevurufopel.pdf"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465677/; classtype:trojan-activity;sid:84328777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465678)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/robaziromumeborumapix.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465678/; classtype:trojan-activity;sid:84328778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465670)"; flow:established,from_client; content:"GET"; http_method; content:"/files/883a8c40-1cd2-4df9-bba3-74811b10a6eb/55376934363.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465670/; classtype:trojan-activity;sid:84328770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465671)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/52e9408f-c536-4a35-bd81-6078a5dce549/downloads/5252998215.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465671/; classtype:trojan-activity;sid:84328771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465672)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/36758652154.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465672/; classtype:trojan-activity;sid:84328772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465673)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/73577237968.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465673/; classtype:trojan-activity;sid:84328773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465657)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/louison_et_monsieur_moliere_resume.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465657/; classtype:trojan-activity;sid:84328757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.165.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465658/; classtype:trojan-activity;sid:84328758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465659)"; flow:established,from_client; content:"GET"; http_method; content:"/file/c0e10d8d-68d9-4f8d-b85c-b15a2bc8742b/9c4b539a-ad2e-415f-9503-19dedb74660e.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465659/; classtype:trojan-activity;sid:84328759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465660)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a03fd264-622c-49da-819e-92c49cdd5e2b/downloads/xovifubakuforij.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465660/; classtype:trojan-activity;sid:84328760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.62.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465661/; classtype:trojan-activity;sid:84328761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465662)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.176.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465662/; classtype:trojan-activity;sid:84328762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465663)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rupesiduvunimekesozo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465663/; classtype:trojan-activity;sid:84328763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465664)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/special_forces_knife_techniques.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465664/; classtype:trojan-activity;sid:84328764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465665)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/90645579432.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465665/; classtype:trojan-activity;sid:84328765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465666)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/6130931006.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465666/; classtype:trojan-activity;sid:84328766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465667)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0319bbe-78e1-4446-90fc-2b4b4cc85a3e/downloads/camp_green_lake.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465667/; classtype:trojan-activity;sid:84328767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465668)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/478a916a-56a8-445d-9eb0-b1a280ba537b/downloads/27628335796.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465668/; classtype:trojan-activity;sid:84328768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465669)"; flow:established,from_client; content:"GET"; http_method; content:"/puta/donk.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.129.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465669/; classtype:trojan-activity;sid:84328769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465653)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.84.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465653/; classtype:trojan-activity;sid:84328753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.176.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465654/; classtype:trojan-activity;sid:84328754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465655)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/eating_questionnaire-_a_ede-a_scoring.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465655/; classtype:trojan-activity;sid:84328755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465656)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7f580dc0-98b4-4e18-baf3-06c58a500cbc/nsa_css_policy_manual_no._3-16_january_2015.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465656/; classtype:trojan-activity;sid:84328756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465650)"; flow:established,from_client; content:"GET"; http_method; content:"/files/b13dab31-828c-410b-8827-f1d9ff5bd2be/45160252942.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465650/; classtype:trojan-activity;sid:84328750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465651)"; flow:established,from_client; content:"GET"; http_method; content:"/file_premium/07mslzzsu6u89vj/linkin_park.mp3/file"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465651/; classtype:trojan-activity;sid:84328751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465652)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/myer_victor_sewing_machine_manual.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465652/; classtype:trojan-activity;sid:84328752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465647)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/jorejujavupu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465647/; classtype:trojan-activity;sid:84328747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465648)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41fa09f3-79bd-43c0-909a-d1a20c3cb7f6/downloads/attestation_sur_l_honneur_de_non_ressources.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465648/; classtype:trojan-activity;sid:84328748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465649)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/eb7f2f0c-e896-4e47-abeb-a05a47b6dcff/downloads/37569138292.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465649/; classtype:trojan-activity;sid:84328749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465646)"; flow:established,from_client; content:"GET"; http_method; content:"/file/d17da8fa-707d-4a2f-802b-f4e05d2ebbdb/56084137650.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465646/; classtype:trojan-activity;sid:84328746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.154.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465629/; classtype:trojan-activity;sid:84328729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465630)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/98482064700.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465630/; classtype:trojan-activity;sid:84328730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465631)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/83364999300.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465631/; classtype:trojan-activity;sid:84328731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465632)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/records_of_declaration_disbursements_division.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465632/; classtype:trojan-activity;sid:84328732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465633)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6084bd9-50ce-4d5f-82c5-bb685cd57a0d/downloads/mdsap_audit_checklist.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465633/; classtype:trojan-activity;sid:84328733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465634)"; flow:established,from_client; content:"GET"; http_method; content:"/files/a2194ba4-9441-4a57-b050-b245fbc54c46/bdp-hosteleria-descargar-crack-para.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465634/; classtype:trojan-activity;sid:84328734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465635)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/jaziz.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465635/; classtype:trojan-activity;sid:84328735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465636)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a74441e7-424c-4454-9bc5-28c3682f6c16/downloads/jupifevaperoziput.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465636/; classtype:trojan-activity;sid:84328736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465637)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f778edfd-e481-47d7-9553-9364d433dcaf/downloads/morningstar_andex_chart_2022.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465637/; classtype:trojan-activity;sid:84328737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465638)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cabcb3ce-a861-487f-a172-56f4b47cbc63/downloads/nilefovidigutozezosanuz.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465638/; classtype:trojan-activity;sid:84328738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465639)"; flow:established,from_client; content:"GET"; http_method; content:"/files/992bfbd1-9e94-42af-9bf8-f640c5213d61/bupewo.pdf"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465639/; classtype:trojan-activity;sid:84328739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465640)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/39892598323.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465640/; classtype:trojan-activity;sid:84328740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465641)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/00810c7d-a901-42bd-b2e3-20945a4ad8cb/downloads/wimorawezabizu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465641/; classtype:trojan-activity;sid:84328741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465642)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/viduwe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465642/; classtype:trojan-activity;sid:84328742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465643)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a1b48068-f219-4487-b633-0ea4f25dfa5f/downloads/57025089155.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465643/; classtype:trojan-activity;sid:84328743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.100.128.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465644/; classtype:trojan-activity;sid:84328744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.50.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465645/; classtype:trojan-activity;sid:84328745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.89.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465628/; classtype:trojan-activity;sid:84328728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465624)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ee9fd3b4-d85f-4a7a-8562-7249f6554197/63310671629.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465624/; classtype:trojan-activity;sid:84328724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465625)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/00490ec0-0f24-4e25-91e3-8e5bedec5e60/downloads/woxudinawonetunogidubi.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465625/; classtype:trojan-activity;sid:84328725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465626)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/16984198490.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465626/; classtype:trojan-activity;sid:84328726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.237.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465627/; classtype:trojan-activity;sid:84328727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465622)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/33bb6cfc-294d-4317-8afb-5d34ed60ffe6/downloads/20222176664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465622/; classtype:trojan-activity;sid:84328722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.135.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465623/; classtype:trojan-activity;sid:84328723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465618)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/72454635563.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465618/; classtype:trojan-activity;sid:84328718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465619)"; flow:established,from_client; content:"GET"; http_method; content:"/file/74bd8e15-b531-4ed4-b619-af557318b023/e651758f-30ba-4579-a3ce-d6fa3c72a0c8.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465619/; classtype:trojan-activity;sid:84328719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465620)"; flow:established,from_client; content:"GET"; http_method; content:"/file/27794bf5-1317-4d22-8346-793e70f57a17/ribejufofiradusulujinug.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465620/; classtype:trojan-activity;sid:84328720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465621)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pisaxafubavofi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465621/; classtype:trojan-activity;sid:84328721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465613)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/catastrophic_disaster_area_property_inspection_report.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465613/; classtype:trojan-activity;sid:84328713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465614)"; flow:established,from_client; content:"GET"; http_method; content:"/files/81e8397b-47f4-4c60-8231-238a2ff2f1f1/norsok-p-002-pdf-download.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465614/; classtype:trojan-activity;sid:84328714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465615)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/citadel_document_solutions_lawsuit.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465615/; classtype:trojan-activity;sid:84328715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465616)"; flow:established,from_client; content:"GET"; http_method; content:"/files/f2c1eb78-55f6-4f95-b970-e5028a64428f/deviations-a-gayle-rubin-reader-532.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465616/; classtype:trojan-activity;sid:84328716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.139.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465617/; classtype:trojan-activity;sid:84328717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465607)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/fumaxogufav.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465607/; classtype:trojan-activity;sid:84328707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.186.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465608/; classtype:trojan-activity;sid:84328708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465609)"; flow:established,from_client; content:"GET"; http_method; content:"/file/8e8e1670-301d-464f-922d-5398486d7652/5eefa5b8-89a4-4b92-b102-da010bce78d8.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465609/; classtype:trojan-activity;sid:84328709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465610)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/kigepobesewizijipakusafal.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465610/; classtype:trojan-activity;sid:84328710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.177.141.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465611/; classtype:trojan-activity;sid:84328711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.49.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465612/; classtype:trojan-activity;sid:84328712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465600)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tabuas_sumerias_traduzidas.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465600/; classtype:trojan-activity;sid:84328700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.41.58.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465601/; classtype:trojan-activity;sid:84328701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.93.205.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465602/; classtype:trojan-activity;sid:84328702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465603)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/17054728623.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465603/; classtype:trojan-activity;sid:84328703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465604)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/678cd2ef-32fa-4621-9c35-e4f34096b4ea/downloads/airbus_cml.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465604/; classtype:trojan-activity;sid:84328704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465605)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/3730146334.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465605/; classtype:trojan-activity;sid:84328705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465606)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/36770579775.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465606/; classtype:trojan-activity;sid:84328706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465594)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0b0ee5f-47ab-407d-8f2e-b86a71eb1b80/downloads/luxodebapiruwuneragomugef.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465594/; classtype:trojan-activity;sid:84328694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.232.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465595/; classtype:trojan-activity;sid:84328695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.178.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465596/; classtype:trojan-activity;sid:84328696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.9.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465597/; classtype:trojan-activity;sid:84328697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465598)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/87554570559.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465598/; classtype:trojan-activity;sid:84328698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465599)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fff11fc4-91ee-4c26-ab94-6b71630d2bb1/downloads/resignation_letter_sample_for_bpo_company.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465599/; classtype:trojan-activity;sid:84328699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465586)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/84675915071.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465586/; classtype:trojan-activity;sid:84328686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.54.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465587/; classtype:trojan-activity;sid:84328687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465588)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/17a8127f-1a20-4f1c-a234-ba1b1a8873f5/downloads/90572854820.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465588/; classtype:trojan-activity;sid:84328688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465589)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/78534035283.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465589/; classtype:trojan-activity;sid:84328689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465590)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/wudofe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465590/; classtype:trojan-activity;sid:84328690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.120.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465591/; classtype:trojan-activity;sid:84328691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465592)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/glassman_high_voltage_series_eq_manual.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465592/; classtype:trojan-activity;sid:84328692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465593)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/57653563602.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465593/; classtype:trojan-activity;sid:84328693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.176.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465584/; classtype:trojan-activity;sid:84328684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465585)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/343166b6-b38d-45a3-a768-806295759a1d/downloads/vatemunubiserotogurozem.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465585/; classtype:trojan-activity;sid:84328685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465580)"; flow:established,from_client; content:"GET"; http_method; content:"/file/140cfb96-c952-4214-b432-bc60f76335cd/6754465782.pdf"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465580/; classtype:trojan-activity;sid:84328680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465581)"; flow:established,from_client; content:"GET"; http_method; content:"/file/d788a1f9-0668-4de8-877f-eda6f2d10c24/1611a471-08d2-48ce-96d4-a4ed12658562.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465581/; classtype:trojan-activity;sid:84328681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465582)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/simamutozudolejezeze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465582/; classtype:trojan-activity;sid:84328682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465583)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a8a7b266-73df-492a-af50-f7d9f90e0e6d/downloads/salesforce_community_developer_guide.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465583/; classtype:trojan-activity;sid:84328683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465578)"; flow:established,from_client; content:"GET"; http_method; content:"/files/a990b6a5-b9c5-4a66-876a-af9e84d1cdca/10951257528.pdf"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploads.strikinglycdn.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465578/; classtype:trojan-activity;sid:84328678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.85.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465579/; classtype:trojan-activity;sid:84328679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465572)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/zepojekowokevi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465572/; classtype:trojan-activity;sid:84328672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465573)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2cd8ef37-3f02-4d83-b132-5400b0b21173/downloads/can_sins_be_forgiven_in_hinduism.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465573/; classtype:trojan-activity;sid:84328673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465574)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9390f2de-e8f5-48e5-8f1b-3aa5affb2913/downloads/ra_to_surface_finish.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465574/; classtype:trojan-activity;sid:84328674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.46.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465575/; classtype:trojan-activity;sid:84328675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465576)"; flow:established,from_client; content:"GET"; http_method; content:"/file/be156945-fea4-4269-af3e-152d465cf29f/lulokesoxadexevasog.pdf"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465576/; classtype:trojan-activity;sid:84328676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465577)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/holman_enterprises_annual_report.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465577/; classtype:trojan-activity;sid:84328677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.236.245.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465550/; classtype:trojan-activity;sid:84328650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465551)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/chiller_factory_acceptance_test_checklist_template.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465551/; classtype:trojan-activity;sid:84328651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465552)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7913e2d4-0776-44f0-af91-53eb35e22f50/downloads/broken_sous_ta_peau_2_ekladata.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465552/; classtype:trojan-activity;sid:84328652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465553)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/lujipipatemajipurozurile.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465553/; classtype:trojan-activity;sid:84328653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465554)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/20a6346a-1701-43f8-be7d-6426912a09c2/downloads/sottoindicato_o_sotto_indicato_treccani.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465554/; classtype:trojan-activity;sid:84328654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465555)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62fde782-5483-4905-a6da-12e04ab1250b/downloads/38559734752.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465555/; classtype:trojan-activity;sid:84328655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465556)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dfa50dfd-b675-4866-b542-d79684ac1045/downloads/28769720040.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465556/; classtype:trojan-activity;sid:84328656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465557)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/formato_st-4_imss_para_imprimir.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465557/; classtype:trojan-activity;sid:84328657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465558)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/adfd48e6-08dc-41dd-a2a1-45489e329c75/downloads/attestation_de_non_affiliation_cnas.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465558/; classtype:trojan-activity;sid:84328658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465559)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tosca_automation_specialist_level_2_certification_questions_.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465559/; classtype:trojan-activity;sid:84328659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465560)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/how_to_factory_reset_verifone_mx915.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465560/; classtype:trojan-activity;sid:84328660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465561)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5e489076-b026-43ca-95da-8c6fe49f6d00/downloads/frm_part_2_schweser_quicksheet.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465561/; classtype:trojan-activity;sid:84328661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465562)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/incucyte_s3_user_guide.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465562/; classtype:trojan-activity;sid:84328662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465563)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/lean_visual_management_board_examples.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465563/; classtype:trojan-activity;sid:84328663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465564)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/1567746722.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465564/; classtype:trojan-activity;sid:84328664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465565)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6875802-d83d-45fa-a01c-dd9f30c53739/downloads/xujudodavudejeb.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465565/; classtype:trojan-activity;sid:84328665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465566)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/situation_denonciation_coupe_ou_ancre_exercices_corriges.pdf"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465566/; classtype:trojan-activity;sid:84328666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465567)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wikuzidip.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465567/; classtype:trojan-activity;sid:84328667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465568)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5e97205-d745-471d-94c2-4bc94f943a29/downloads/87185669225.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465568/; classtype:trojan-activity;sid:84328668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465569)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/likibixeve.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465569/; classtype:trojan-activity;sid:84328669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465570)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/exsilentia_4._0_user_guide.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465570/; classtype:trojan-activity;sid:84328670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465571)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/586b3ef6-c9db-4d1a-a9eb-303f942e21fa/downloads/55359157176.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465571/; classtype:trojan-activity;sid:84328671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.68.235.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465548/; classtype:trojan-activity;sid:84328648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465549)"; flow:established,from_client; content:"GET"; http_method; content:"/file/2ed39e3b-5bb7-43f5-b391-5389b587781b/471c0e7f-114a-465b-a3bd-7577a475a36b.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465549/; classtype:trojan-activity;sid:84328649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.85.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465545/; classtype:trojan-activity;sid:84328645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465546)"; flow:established,from_client; content:"GET"; http_method; content:"/file/c278d4c6-0334-48d2-a4bf-4647f51e98f0/38569142166.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465546/; classtype:trojan-activity;sid:84328646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.116.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465547/; classtype:trojan-activity;sid:84328647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465542)"; flow:established,from_client; content:"GET"; http_method; content:"/earyzq"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.194.157.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465542/; classtype:trojan-activity;sid:84328642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.112.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465543/; classtype:trojan-activity;sid:84328643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.135.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465544/; classtype:trojan-activity;sid:84328644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465541)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.194.157.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465541/; classtype:trojan-activity;sid:84328641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465539)"; flow:established,from_client; content:"GET"; http_method; content:"/file/0cea5c04-908c-4a73-882a-4c61e16d70ff/mekisamavosusanokevijege.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465539/; classtype:trojan-activity;sid:84328639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465540)"; flow:established,from_client; content:"GET"; http_method; content:"/file/496283e0-3946-4d97-b55d-07e6935a5e06/fasuzixikedozonogo.pdf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465540/; classtype:trojan-activity;sid:84328640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465537)"; flow:established,from_client; content:"GET"; http_method; content:"/file/43d06149-2a1a-468d-8baa-9b5e28e63dac/xawevalife.pdf"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465537/; classtype:trojan-activity;sid:84328637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465538)"; flow:established,from_client; content:"GET"; http_method; content:"/file/a487b674-5b00-46c7-888c-06e01952533f/20102979376.pdf"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"jimdo-storage.global.ssl.fastly.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465538/; classtype:trojan-activity;sid:84328638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465536)"; flow:established,from_client; content:"GET"; http_method; content:"/drive/utilizer.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"70.34.220.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465536/; classtype:trojan-activity;sid:84328636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465535)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/5bb01c_49ce4c6888e745d59ac023a60341b134.pdf"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"0503187d-52cd-4237-9521-a3cb9bf551ae.filesusr.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465535/; classtype:trojan-activity;sid:84328635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465534)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/2e3d42_ae1cab582fce473393382fe4ce42f55d.pdf"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"409b2d23-5c1d-402e-97df-26c0da9299b0.filesusr.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465534/; classtype:trojan-activity;sid:84328634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465531)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/64bd79_3adf23d3071d4a6fb519c1e6a88b66fe.pdf"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"0793e221-2e7e-4176-aae8-4ff4b75d8f7a.filesusr.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465531/; classtype:trojan-activity;sid:84328631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465530)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/a083a1_70ceed5d31d64f1dbb64d3a5155bb2dc.pdf"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"44eeb0f0-4dc9-4d8b-b3fd-cc7ace98e90e.filesusr.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465530/; classtype:trojan-activity;sid:84328630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465525)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/7e0eb0_9e2a7ed7749f440db51095e9184cf6e8.pdf"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"12c48f50-3553-44c7-a31c-19fc5df83d07.filesusr.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465525/; classtype:trojan-activity;sid:84328625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465500)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/865d50_a8f4acca49e94f0499720983e987e8ea.pdf"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"1c896d37-30d1-4b4d-9537-98f963aae812.filesusr.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465500/; classtype:trojan-activity;sid:84328600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465498)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/173145_6ec4742f64c74f54ad5f7fc4a42a0b56.pdf"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"48936d5e-4b15-4059-a328-ddb12afcc15e.filesusr.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465498/; classtype:trojan-activity;sid:84328598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465496)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/e4636f_1ec353d050b54e98b00759156ae31a7c.pdf"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"4cf2acc4-d143-4013-a78d-f21de0873c4f.filesusr.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465496/; classtype:trojan-activity;sid:84328596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465497)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/ef0078_f6e8e4077f2243e59822986bb3aa073e.pdf"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"4a39c6c9-989b-4d11-b2d8-cc0becc7f193.filesusr.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465497/; classtype:trojan-activity;sid:84328597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.54.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465376/; classtype:trojan-activity;sid:84328476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465317)"; flow:established,from_client; content:"GET"; http_method; content:"/morninghtaaaafilex.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.3.220.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465317/; classtype:trojan-activity;sid:84328417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.93.109.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465225/; classtype:trojan-activity;sid:84328325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465208)"; flow:established,from_client; content:"GET"; http_method; content:"/muvvvnvv2.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.195.236.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465208/; classtype:trojan-activity;sid:84328308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.93.109.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465204/; classtype:trojan-activity;sid:84328304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465198)"; flow:established,from_client; content:"GET"; http_method; content:"/server.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.205.252.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465198/; classtype:trojan-activity;sid:84328298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.194.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465154/; classtype:trojan-activity;sid:84328254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.15.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465034/; classtype:trojan-activity;sid:84328134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464941)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura|3f|ddos"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3464941/; classtype:trojan-activity;sid:84328041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464940)"; flow:established,from_client; content:"GET"; http_method; content:"/dss|3f|ddos"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3464940/; classtype:trojan-activity;sid:84328040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464898/; classtype:trojan-activity;sid:84327998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464887/; classtype:trojan-activity;sid:84327987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464706)"; flow:established,from_client; content:"GET"; http_method; content:"/down/wupiao.3987.com.rar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"forspeed.onlinedown.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464706/; classtype:trojan-activity;sid:84327806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464699)"; flow:established,from_client; content:"GET"; http_method; content:"/down/15090955171009_sow.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"forspeed.onlinedown.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464699/; classtype:trojan-activity;sid:84327799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464693)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"112.252.241.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464693/; classtype:trojan-activity;sid:84327793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464692)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.241.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464692/; classtype:trojan-activity;sid:84327792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464691)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"112.252.241.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464691/; classtype:trojan-activity;sid:84327791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464688)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.241.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464688/; classtype:trojan-activity;sid:84327788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464689)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"112.252.241.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464689/; classtype:trojan-activity;sid:84327789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.121.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464657/; classtype:trojan-activity;sid:84327757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"144.48.121.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464605/; classtype:trojan-activity;sid:84327705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464441)"; flow:established,from_client; content:"GET"; http_method; content:"/getuname.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"zaikacakes.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464441/; classtype:trojan-activity;sid:84327541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464391)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.73.169.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464391/; classtype:trojan-activity;sid:84327491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464384)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.110.186.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464384/; classtype:trojan-activity;sid:84327484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464382)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.74.58.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464382/; classtype:trojan-activity;sid:84327482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.0.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464349/; classtype:trojan-activity;sid:84327449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.0.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464350/; classtype:trojan-activity;sid:84327450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.0.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464352/; classtype:trojan-activity;sid:84327452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.0.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464356/; classtype:trojan-activity;sid:84327456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.0.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464343/; classtype:trojan-activity;sid:84327443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.0.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464344/; classtype:trojan-activity;sid:84327444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.0.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464345/; classtype:trojan-activity;sid:84327445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.0.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464346/; classtype:trojan-activity;sid:84327446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.0.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464347/; classtype:trojan-activity;sid:84327447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.0.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464340/; classtype:trojan-activity;sid:84327440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.0.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464341/; classtype:trojan-activity;sid:84327441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.0.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464342/; classtype:trojan-activity;sid:84327442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.177.200.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464166/; classtype:trojan-activity;sid:84327266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464151)"; flow:established,from_client; content:"GET"; http_method; content:"/hmrc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"apps-actions.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464151/; classtype:trojan-activity;sid:84327251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464152)"; flow:established,from_client; content:"GET"; http_method; content:"/hmrc_self_assessment"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"apps-actions.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464152/; classtype:trojan-activity;sid:84327252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464139)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hmrc_self_assessment.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"86.54.42.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464139/; classtype:trojan-activity;sid:84327239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463714)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/taxdocuments24.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"89.23.107.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463714/; classtype:trojan-activity;sid:84326814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463715)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/rtsaging.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.83.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463715/; classtype:trojan-activity;sid:84326815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463716)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/complete.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"89.23.107.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463716/; classtype:trojan-activity;sid:84326816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463707)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/hyhyhy.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"62.133.61.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463707/; classtype:trojan-activity;sid:84326807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463703)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/setup.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"62.133.61.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463703/; classtype:trojan-activity;sid:84326803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463704)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/setup1.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"62.133.61.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463704/; classtype:trojan-activity;sid:84326804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463705)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/filesetup.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"62.133.61.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463705/; classtype:trojan-activity;sid:84326805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463706)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/file.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"62.133.61.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463706/; classtype:trojan-activity;sid:84326806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463689)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/7.pdf.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463689/; classtype:trojan-activity;sid:84326789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463690)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/pidrozka_shevchenko3.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463690/; classtype:trojan-activity;sid:84326790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463691)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/pidrozka5.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463691/; classtype:trojan-activity;sid:84326791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463692)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/3.pdf.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463692/; classtype:trojan-activity;sid:84326792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463693)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/pidrozka_shevchenko.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463693/; classtype:trojan-activity;sid:84326793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463694)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/example5.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463694/; classtype:trojan-activity;sid:84326794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463695)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/pidrozka_shevchenko2.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463695/; classtype:trojan-activity;sid:84326795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463696)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/shevigor.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463696/; classtype:trojan-activity;sid:84326796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463697)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/2.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463697/; classtype:trojan-activity;sid:84326797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463679)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.114.193.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463679/; classtype:trojan-activity;sid:84326779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463678)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"122.114.193.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463678/; classtype:trojan-activity;sid:84326778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463675)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x64.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"122.114.193.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463675/; classtype:trojan-activity;sid:84326775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463676)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x64.exe.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"122.114.193.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463676/; classtype:trojan-activity;sid:84326776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463677)"; flow:established,from_client; content:"GET"; http_method; content:"/shellcode.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"122.114.193.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463677/; classtype:trojan-activity;sid:84326777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463674)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.114.193.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463674/; classtype:trojan-activity;sid:84326774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463606)"; flow:established,from_client; content:"GET"; http_method; content:"/har"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"198.98.48.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463606/; classtype:trojan-activity;sid:84326706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463598)"; flow:established,from_client; content:"GET"; http_method; content:"/recaptcha.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"110.41.78.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463598/; classtype:trojan-activity;sid:84326698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.52.36.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463546/; classtype:trojan-activity;sid:84326646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.169.244.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463542/; classtype:trojan-activity;sid:84326642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.87.155.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463538/; classtype:trojan-activity;sid:84326638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.192.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463539/; classtype:trojan-activity;sid:84326639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.192.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463540/; classtype:trojan-activity;sid:84326640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.192.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463534/; classtype:trojan-activity;sid:84326634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463531)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.74.58.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463531/; classtype:trojan-activity;sid:84326631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463500)"; flow:established,from_client; content:"GET"; http_method; content:"/verify/index.html"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"elnas.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463500/; classtype:trojan-activity;sid:84326600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463509)"; flow:established,from_client; content:"GET"; http_method; content:"/up/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"blessdayservices.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463509/; classtype:trojan-activity;sid:84326609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463511)"; flow:established,from_client; content:"GET"; http_method; content:"/v/"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"drmarlenemd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463511/; classtype:trojan-activity;sid:84326611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463513)"; flow:established,from_client; content:"GET"; http_method; content:"/v/"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"jessespridecharters.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463513/; classtype:trojan-activity;sid:84326613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463487)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"mail.lucprofessional.com.br"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463487/; classtype:trojan-activity;sid:84326587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463488)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"mail.finocci.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463488/; classtype:trojan-activity;sid:84326588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463489)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"kevinzhangadmin.jintsume.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463489/; classtype:trojan-activity;sid:84326589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463490)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"cambodiatouristservice.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463490/; classtype:trojan-activity;sid:84326590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463476)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.cambodiatouristservice.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463476/; classtype:trojan-activity;sid:84326576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463479)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.user.mypetapp.co.za"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463479/; classtype:trojan-activity;sid:84326579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463480)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"admin.gestroom.it"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463480/; classtype:trojan-activity;sid:84326580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463481)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"test.peperoncinochepassione.it"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463481/; classtype:trojan-activity;sid:84326581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463482)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"first-security-verden.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463482/; classtype:trojan-activity;sid:84326582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463484)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.sales.mypetapp.co.za"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463484/; classtype:trojan-activity;sid:84326584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463485)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"lucprofessional.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463485/; classtype:trojan-activity;sid:84326585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463472)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"zamilgroups.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463472/; classtype:trojan-activity;sid:84326572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463473)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"user.mypetapp.co.za"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463473/; classtype:trojan-activity;sid:84326573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463464)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.laborpartyjo.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463464/; classtype:trojan-activity;sid:84326564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463466)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"finocci.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463466/; classtype:trojan-activity;sid:84326566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463468)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.amun.jintsume.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463468/; classtype:trojan-activity;sid:84326568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463469)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"app.houseforma.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463469/; classtype:trojan-activity;sid:84326569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463457)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.finocci.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463457/; classtype:trojan-activity;sid:84326557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463459)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.website.mypetapp.co.za"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463459/; classtype:trojan-activity;sid:84326559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463461)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.lucprofessional.grupomoltz.com.br"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463461/; classtype:trojan-activity;sid:84326561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463452)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"fastfreight-loads.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463452/; classtype:trojan-activity;sid:84326552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463455)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"thesignaturemag.salviatech.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463455/; classtype:trojan-activity;sid:84326555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463446)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.bratusferramentas.grupomoltz.com.br"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463446/; classtype:trojan-activity;sid:84326546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463451)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.immo-etoiles.fr"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463451/; classtype:trojan-activity;sid:84326551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463437)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"website.mypetapp.co.za"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463437/; classtype:trojan-activity;sid:84326537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463441)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"ningbocrm.jintsume.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463441/; classtype:trojan-activity;sid:84326541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463443)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"horno-rafelet.es"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463443/; classtype:trojan-activity;sid:84326543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463444)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"mail.ningbocrm.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463444/; classtype:trojan-activity;sid:84326544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463423)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"mail.laborpartyjo.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463423/; classtype:trojan-activity;sid:84326523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463425)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.kevinzhangadmin.jintsume.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463425/; classtype:trojan-activity;sid:84326525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463426)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"bmdcompany.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463426/; classtype:trojan-activity;sid:84326526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463430)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.zamilgroups.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463430/; classtype:trojan-activity;sid:84326530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463431)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.sis.houseforma.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463431/; classtype:trojan-activity;sid:84326531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463415)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"laborpartyjo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463415/; classtype:trojan-activity;sid:84326515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463416)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"deturistaenjapon.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463416/; classtype:trojan-activity;sid:84326516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463419)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.thesignaturemag.salviatech.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463419/; classtype:trojan-activity;sid:84326519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463421)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.fastfreightloads.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463421/; classtype:trojan-activity;sid:84326521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463422)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.test.peperoncinochepassione.it"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463422/; classtype:trojan-activity;sid:84326522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463408)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"mail.cambodiatouristservice.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463408/; classtype:trojan-activity;sid:84326508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463409)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.ningbocrm.jintsume.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463409/; classtype:trojan-activity;sid:84326509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463404)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.fastfreight-loads.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463404/; classtype:trojan-activity;sid:84326504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463406)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"my.salviatech.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463406/; classtype:trojan-activity;sid:84326506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463403)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"immo-etoiles.fr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463403/; classtype:trojan-activity;sid:84326503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.140.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463314/; classtype:trojan-activity;sid:84326414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463230)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.172.206.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463230/; classtype:trojan-activity;sid:84326330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463227)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.172.206.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463227/; classtype:trojan-activity;sid:84326327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463228)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.172.206.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463228/; classtype:trojan-activity;sid:84326328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463229)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.172.206.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463229/; classtype:trojan-activity;sid:84326329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463220)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.172.206.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463220/; classtype:trojan-activity;sid:84326320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463221)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.172.206.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463221/; classtype:trojan-activity;sid:84326321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463222)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.172.206.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463222/; classtype:trojan-activity;sid:84326322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463223)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.172.206.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463223/; classtype:trojan-activity;sid:84326323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463224)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.172.206.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463224/; classtype:trojan-activity;sid:84326324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463226)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.172.206.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463226/; classtype:trojan-activity;sid:84326326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.14.236.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463168/; classtype:trojan-activity;sid:84326268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.14.236.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463153/; classtype:trojan-activity;sid:84326253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463136)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.172.206.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463136/; classtype:trojan-activity;sid:84326236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463106)"; flow:established,from_client; content:"GET"; http_method; content:"/3ofn3jf3e2ljk/plugins/cred.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"cobolrationumelawrtewarms.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463106/; classtype:trojan-activity;sid:84326206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463104)"; flow:established,from_client; content:"GET"; http_method; content:"/3ofn3jf3e2ljk/plugins/clip64.dll"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"cobolrationumelawrtewarms.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463104/; classtype:trojan-activity;sid:84326204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463105)"; flow:established,from_client; content:"GET"; http_method; content:"/3ofn3jf3e2ljk/plugins/clip.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"cobolrationumelawrtewarms.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463105/; classtype:trojan-activity;sid:84326205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.80.189.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463067/; classtype:trojan-activity;sid:84326167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.71.85.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463030/; classtype:trojan-activity;sid:84326130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462863)"; flow:established,from_client; content:"GET"; http_method; content:"/service.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.64.83.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3462863/; classtype:trojan-activity;sid:84325963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.161.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3462824/; classtype:trojan-activity;sid:84325924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.38.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3462737/; classtype:trojan-activity;sid:84325837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.236.93.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3462734/; classtype:trojan-activity;sid:84325834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.45.20.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3462677/; classtype:trojan-activity;sid:84325777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462460)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.88.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462460/; classtype:trojan-activity;sid:84325560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462457)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.88.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462457/; classtype:trojan-activity;sid:84325557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.216.55.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462442/; classtype:trojan-activity;sid:84325542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.151.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462444/; classtype:trojan-activity;sid:84325544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.148.192.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462436/; classtype:trojan-activity;sid:84325536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64n32"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462395/; classtype:trojan-activity;sid:84325495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpce500mc"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462396/; classtype:trojan-activity;sid:84325496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462397)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462397/; classtype:trojan-activity;sid:84325497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462398)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc440fp"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462398/; classtype:trojan-activity;sid:84325498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arcle750d"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462399/; classtype:trojan-activity;sid:84325499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462400)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64e5500"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462400/; classtype:trojan-activity;sid:84325500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpce300c3"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462401/; classtype:trojan-activity;sid:84325501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arclehs38"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462402/; classtype:trojan-activity;sid:84325502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462403/; classtype:trojan-activity;sid:84325503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.riscv32"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462404/; classtype:trojan-activity;sid:84325504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64power8"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462405/; classtype:trojan-activity;sid:84325505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64lepower8"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462406/; classtype:trojan-activity;sid:84325506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462407/; classtype:trojan-activity;sid:84325507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.sparc64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462408/; classtype:trojan-activity;sid:84325508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.aarch64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462409/; classtype:trojan-activity;sid:84325509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462410)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.riscv64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462410/; classtype:trojan-activity;sid:84325510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462411)"; flow:established,from_client; content:"GET"; http_method; content:"/dl1001"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462411/; classtype:trojan-activity;sid:84325511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.sparc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462412/; classtype:trojan-activity;sid:84325512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462413/; classtype:trojan-activity;sid:84325513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462414)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462414/; classtype:trojan-activity;sid:84325514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462415)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64e6500"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462415/; classtype:trojan-activity;sid:84325515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.aarch64be"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462416/; classtype:trojan-activity;sid:84325516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64len32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462417/; classtype:trojan-activity;sid:84325517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462418)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462418/; classtype:trojan-activity;sid:84325518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462419/; classtype:trojan-activity;sid:84325519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.208.204.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462363/; classtype:trojan-activity;sid:84325463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462336)"; flow:established,from_client; content:"GET"; http_method; content:"/213/seethebestthingswecandothatwithgreatness.gif"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"192.3.95.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462336/; classtype:trojan-activity;sid:84325436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.10.88"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462305/; classtype:trojan-activity;sid:84325405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462288)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/muh/givemebestgoodthingstobe.hta"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"198.12.81.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462288/; classtype:trojan-activity;sid:84325388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462287)"; flow:established,from_client; content:"GET"; http_method; content:"/213/seetha/seethebestthingswecandothatwithgreatness.hta"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"192.3.95.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462287/; classtype:trojan-activity;sid:84325387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462241)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/jggdmki.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462241/; classtype:trojan-activity;sid:84325341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462242)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/omrnimg.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462242/; classtype:trojan-activity;sid:84325342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462243)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/mbrkmri.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462243/; classtype:trojan-activity;sid:84325343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462244)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/hkkcrng.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462244/; classtype:trojan-activity;sid:84325344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462245)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/fsadidk.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462245/; classtype:trojan-activity;sid:84325345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462246)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/fjmpdnn.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462246/; classtype:trojan-activity;sid:84325346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462247)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/fmgikde.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462247/; classtype:trojan-activity;sid:84325347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462248)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/ajgofab.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462248/; classtype:trojan-activity;sid:84325348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462249)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/cfirgae.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462249/; classtype:trojan-activity;sid:84325349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462240)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/dmipkip.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462240/; classtype:trojan-activity;sid:84325340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462239)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/rjamfkg.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462239/; classtype:trojan-activity;sid:84325339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462234)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/kmodimh.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462234/; classtype:trojan-activity;sid:84325334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462235)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/ppkhhmr.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462235/; classtype:trojan-activity;sid:84325335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462236)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/badskcb.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462236/; classtype:trojan-activity;sid:84325336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462237)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/ksaagdi.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462237/; classtype:trojan-activity;sid:84325337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462238)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/egehikm.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462238/; classtype:trojan-activity;sid:84325338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462080)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"huyhoangluvnhi.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462080/; classtype:trojan-activity;sid:84325180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462009)"; flow:established,from_client; content:"GET"; http_method; content:"/test/exe/random.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462009/; classtype:trojan-activity;sid:84325109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462007)"; flow:established,from_client; content:"GET"; http_method; content:"/test/am_no.bat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462007/; classtype:trojan-activity;sid:84325107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461976)"; flow:established,from_client; content:"GET"; http_method; content:"/kyc/egmlcjewsctm228.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461976/; classtype:trojan-activity;sid:84325076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461974)"; flow:established,from_client; content:"GET"; http_method; content:"/kyc/ctkilgswes245.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461974/; classtype:trojan-activity;sid:84325074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461970)"; flow:established,from_client; content:"GET"; http_method; content:"/kyc/wuhnraisnqpdcp171.bin"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461970/; classtype:trojan-activity;sid:84325070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461971)"; flow:established,from_client; content:"GET"; http_method; content:"/kyc/eegfmpkwtraydbupxcdpkwpkq185.bin"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461971/; classtype:trojan-activity;sid:84325071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461972)"; flow:established,from_client; content:"GET"; http_method; content:"/kyc/wvcikggyne71.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461972/; classtype:trojan-activity;sid:84325072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461973)"; flow:established,from_client; content:"GET"; http_method; content:"/kyc/gtoenvzfzzjyitccnxd153.bin"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461973/; classtype:trojan-activity;sid:84325073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461966)"; flow:established,from_client; content:"GET"; http_method; content:"/kyc/hjchlkg248.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461966/; classtype:trojan-activity;sid:84325066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461967)"; flow:established,from_client; content:"GET"; http_method; content:"/kyc/egqdqhvedtduf140.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461967/; classtype:trojan-activity;sid:84325067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461968)"; flow:established,from_client; content:"GET"; http_method; content:"/kyc/nsdefbo180.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461968/; classtype:trojan-activity;sid:84325068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461969)"; flow:established,from_client; content:"GET"; http_method; content:"/kyc/brjyielqwdfxvizxospeti245.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461969/; classtype:trojan-activity;sid:84325069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461963)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/bgfdbxoxrvc.dat"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461963/; classtype:trojan-activity;sid:84325063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461964)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/vowrddnb.wav"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461964/; classtype:trojan-activity;sid:84325064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461965)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/yfmhkoxf.wav"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461965/; classtype:trojan-activity;sid:84325065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461962)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/cdwzsyfc.vdf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461962/; classtype:trojan-activity;sid:84325062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461957)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/znpbzu.vdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461957/; classtype:trojan-activity;sid:84325057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461958)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/uvslfeer.dat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461958/; classtype:trojan-activity;sid:84325058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461959)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/xktezflm.mp4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461959/; classtype:trojan-activity;sid:84325059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461960)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/wqelqjsju.pdf"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461960/; classtype:trojan-activity;sid:84325060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461961)"; flow:established,from_client; content:"GET"; http_method; content:"/itk/pnxbfy.wav"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461961/; classtype:trojan-activity;sid:84325061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461771)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin2.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461771/; classtype:trojan-activity;sid:84324871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461769)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin1.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461769/; classtype:trojan-activity;sid:84324869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461770)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin2.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461770/; classtype:trojan-activity;sid:84324870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461768)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin3.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461768/; classtype:trojan-activity;sid:84324868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461767)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin1.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461767/; classtype:trojan-activity;sid:84324867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461763)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin3.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461763/; classtype:trojan-activity;sid:84324863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461762)"; flow:established,from_client; content:"GET"; http_method; content:"/hj/mesvc.lnk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"a15aaa1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461762/; classtype:trojan-activity;sid:84324862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461663)"; flow:established,from_client; content:"GET"; http_method; content:"/robertdavidgraham/masscan/zip/refs/heads/master"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461663/; classtype:trojan-activity;sid:84324763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461661)"; flow:established,from_client; content:"GET"; http_method; content:"/robertdavidgraham/masscan/archive/refs/heads/master.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461661/; classtype:trojan-activity;sid:84324761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.35.179.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461650/; classtype:trojan-activity;sid:84324750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.43.223.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461644/; classtype:trojan-activity;sid:84324744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.35.179.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461637/; classtype:trojan-activity;sid:84324737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.43.223.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461634/; classtype:trojan-activity;sid:84324734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461597)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461597/; classtype:trojan-activity;sid:84324697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461595)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461595/; classtype:trojan-activity;sid:84324695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461596)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461596/; classtype:trojan-activity;sid:84324696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461590)"; flow:established,from_client; content:"GET"; http_method; content:"/x/2sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461590/; classtype:trojan-activity;sid:84324690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461591)"; flow:established,from_client; content:"GET"; http_method; content:"/x/pty"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461591/; classtype:trojan-activity;sid:84324691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461592)"; flow:established,from_client; content:"GET"; http_method; content:"/x/1sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461592/; classtype:trojan-activity;sid:84324692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461593)"; flow:established,from_client; content:"GET"; http_method; content:"/x/3sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461593/; classtype:trojan-activity;sid:84324693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.177.180.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461536/; classtype:trojan-activity;sid:84324636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.18.68.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3461350/; classtype:trojan-activity;sid:84324450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.231.138.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3461351/; classtype:trojan-activity;sid:84324451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.103.56.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3461349/; classtype:trojan-activity;sid:84324449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.100.232.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3461341/; classtype:trojan-activity;sid:84324441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.157.194.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3461339/; classtype:trojan-activity;sid:84324439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.231.183.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3461336/; classtype:trojan-activity;sid:84324436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.229.218.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3461197/; classtype:trojan-activity;sid:84324297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.45.20.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460897/; classtype:trojan-activity;sid:84323997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460858)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460858/; classtype:trojan-activity;sid:84323958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460843)"; flow:established,from_client; content:"GET"; http_method; content:"/msidntld.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kusal.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460843/; classtype:trojan-activity;sid:84323943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.212.206.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460822/; classtype:trojan-activity;sid:84323922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.212.206.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460817/; classtype:trojan-activity;sid:84323917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460687)"; flow:established,from_client; content:"GET"; http_method; content:"/rothcomingsoon7750/menu-for-gta-5/raw/refs/heads/main/my_project.rar"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460687/; classtype:trojan-activity;sid:84323787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460685)"; flow:established,from_client; content:"GET"; http_method; content:"/gwyiomi/apex-legends-external-cheat-hack-trigger-glow-aimbot-skin-more-hwid-spoofer/releases/download/v2.0/software.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460685/; classtype:trojan-activity;sid:84323785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460683)"; flow:established,from_client; content:"GET"; http_method; content:"/at94b/universal-hwid-spoofer/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460683/; classtype:trojan-activity;sid:84323783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460628)"; flow:established,from_client; content:"GET"; http_method; content:"/files/qqdoup/random.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460628/; classtype:trojan-activity;sid:84323728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460581)"; flow:established,from_client; content:"GET"; http_method; content:"/file/3601_2042.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460581/; classtype:trojan-activity;sid:84323681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460569)"; flow:established,from_client; content:"GET"; http_method; content:"/file/8998_3800.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460569/; classtype:trojan-activity;sid:84323669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460571)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"189.229.73.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460571/; classtype:trojan-activity;sid:84323671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.139.188.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460487/; classtype:trojan-activity;sid:84323587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.139.188.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460472/; classtype:trojan-activity;sid:84323572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460437/; classtype:trojan-activity;sid:84323537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.236.93.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460426/; classtype:trojan-activity;sid:84323526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.79.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460412/; classtype:trojan-activity;sid:84323512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.79.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460377/; classtype:trojan-activity;sid:84323477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.229.218.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_28; reference:url, urlhaus.abuse.ch/url/3460330/; classtype:trojan-activity;sid:84323430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.248.12.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460241/; classtype:trojan-activity;sid:84323341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460176/; classtype:trojan-activity;sid:84323276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460170)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.15.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460170/; classtype:trojan-activity;sid:84323270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460167)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460167/; classtype:trojan-activity;sid:84323267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460165)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460165/; classtype:trojan-activity;sid:84323265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460154)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.30.154.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460154/; classtype:trojan-activity;sid:84323254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460157)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.54.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460157/; classtype:trojan-activity;sid:84323257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.170.249.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460140/; classtype:trojan-activity;sid:84323240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.91.76.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460142/; classtype:trojan-activity;sid:84323242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460101)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7098980627/matjwnv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460101/; classtype:trojan-activity;sid:84323201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460098)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460098/; classtype:trojan-activity;sid:84323198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459882)"; flow:established,from_client; content:"GET"; http_method; content:"/nginx.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"132.145.111.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459882/; classtype:trojan-activity;sid:84322982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459883)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"132.145.111.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459883/; classtype:trojan-activity;sid:84322983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459884)"; flow:established,from_client; content:"GET"; http_method; content:"/x.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"132.145.111.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459884/; classtype:trojan-activity;sid:84322984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459885)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"132.145.111.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459885/; classtype:trojan-activity;sid:84322985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459820)"; flow:established,from_client; content:"GET"; http_method; content:"/kaidopack/mod-gta5/releases/download/v3.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459820/; classtype:trojan-activity;sid:84322920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459822)"; flow:established,from_client; content:"GET"; http_method; content:"/micahchue/hwid-spoofer-and-cleaner-2024/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459822/; classtype:trojan-activity;sid:84322922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459815)"; flow:established,from_client; content:"GET"; http_method; content:"/rodbatista/mod-gta5/releases/download/v3.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459815/; classtype:trojan-activity;sid:84322915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459817)"; flow:established,from_client; content:"GET"; http_method; content:"/asdjodsaijodsajoip/mod-gta5/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459817/; classtype:trojan-activity;sid:84322917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459818)"; flow:established,from_client; content:"GET"; http_method; content:"/burlador31/mod-gta5/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459818/; classtype:trojan-activity;sid:84322918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459744)"; flow:established,from_client; content:"GET"; http_method; content:"/asaelelcrack/mod-gta5/releases/download/v2.0/release_x64.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459744/; classtype:trojan-activity;sid:84322844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459742)"; flow:established,from_client; content:"GET"; http_method; content:"/minedreamback/mod-gta5/releases/download/v2.0/release_x64.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459742/; classtype:trojan-activity;sid:84322842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459731)"; flow:established,from_client; content:"GET"; http_method; content:"/hackermanisdumb/mod-gta5/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459731/; classtype:trojan-activity;sid:84322831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459714)"; flow:established,from_client; content:"GET"; http_method; content:"/sweaty27/roblox-bunni-executor/releases/download/v3.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459714/; classtype:trojan-activity;sid:84322814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459660)"; flow:established,from_client; content:"GET"; http_method; content:"/joseber1/bioguard-hwid-spoofer-hwid-changer-bios-cpu/releases/download/v2.0/software.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459660/; classtype:trojan-activity;sid:84322760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459620)"; flow:established,from_client; content:"GET"; http_method; content:"/cmd.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"92.255.57.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459620/; classtype:trojan-activity;sid:84322720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459619)"; flow:established,from_client; content:"GET"; http_method; content:"/b.mp4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"92.255.57.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459619/; classtype:trojan-activity;sid:84322719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459585)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.231.183.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459585/; classtype:trojan-activity;sid:84322685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459513)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"8.217.202.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459513/; classtype:trojan-activity;sid:84322613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459512)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"8.217.202.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459512/; classtype:trojan-activity;sid:84322612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.177.200.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459474/; classtype:trojan-activity;sid:84322574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.177.200.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459462/; classtype:trojan-activity;sid:84322562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459443)"; flow:established,from_client; content:"GET"; http_method; content:"/230/csoss.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"198.12.81.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459443/; classtype:trojan-activity;sid:84322543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459439)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459439/; classtype:trojan-activity;sid:84322539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459405)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"yn.noyoo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459405/; classtype:trojan-activity;sid:84322505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459406)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"yn.noyoo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459406/; classtype:trojan-activity;sid:84322506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459407)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"yn.noyoo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459407/; classtype:trojan-activity;sid:84322507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459408)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"yn.noyoo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459408/; classtype:trojan-activity;sid:84322508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459409)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"yn.noyoo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459409/; classtype:trojan-activity;sid:84322509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459410)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"yn.noyoo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459410/; classtype:trojan-activity;sid:84322510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459411)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"yn.noyoo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459411/; classtype:trojan-activity;sid:84322511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459400)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"yn.noyoo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459400/; classtype:trojan-activity;sid:84322500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459401)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"yn.noyoo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459401/; classtype:trojan-activity;sid:84322501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459402)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"yn.noyoo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459402/; classtype:trojan-activity;sid:84322502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459403)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yn.noyoo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459403/; classtype:trojan-activity;sid:84322503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459404)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"yn.noyoo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459404/; classtype:trojan-activity;sid:84322504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459381)"; flow:established,from_client; content:"GET"; http_method; content:"/win32/panel/uploads/zdidffcx.dat"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.71.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459381/; classtype:trojan-activity;sid:84322481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459382)"; flow:established,from_client; content:"GET"; http_method; content:"/win32/panel/uploads/ovceowrnks.wav"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"196.251.71.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459382/; classtype:trojan-activity;sid:84322482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459376)"; flow:established,from_client; content:"GET"; http_method; content:"/b.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.7.214.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459376/; classtype:trojan-activity;sid:84322476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459377)"; flow:established,from_client; content:"GET"; http_method; content:"/win32/panel/uploads/tiyxz.dat"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.71.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459377/; classtype:trojan-activity;sid:84322477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459378)"; flow:established,from_client; content:"GET"; http_method; content:"/win32/panel/uploads/isbefmti.wav"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.71.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459378/; classtype:trojan-activity;sid:84322478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459370)"; flow:established,from_client; content:"GET"; http_method; content:"/a.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.7.214.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459370/; classtype:trojan-activity;sid:84322470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459374)"; flow:established,from_client; content:"GET"; http_method; content:"/js.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.7.214.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459374/; classtype:trojan-activity;sid:84322474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459375)"; flow:established,from_client; content:"GET"; http_method; content:"/d.mp4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.7.214.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459375/; classtype:trojan-activity;sid:84322475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459367)"; flow:established,from_client; content:"GET"; http_method; content:"/c.mp4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.7.214.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459367/; classtype:trojan-activity;sid:84322467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459368)"; flow:established,from_client; content:"GET"; http_method; content:"/cmd.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.7.214.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459368/; classtype:trojan-activity;sid:84322468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459351)"; flow:established,from_client; content:"GET"; http_method; content:"/win32/panel/uploads/evvtdlkur.wav"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"196.251.71.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459351/; classtype:trojan-activity;sid:84322451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459347)"; flow:established,from_client; content:"GET"; http_method; content:"/win32/panel/uploads/wsnbytrhsuk.wav"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"196.251.71.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459347/; classtype:trojan-activity;sid:84322447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459348)"; flow:established,from_client; content:"GET"; http_method; content:"/win32/panel/uploads/fmcqcdce.vdf"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.71.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459348/; classtype:trojan-activity;sid:84322448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459051)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3459051/; classtype:trojan-activity;sid:84322151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459048)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3459048/; classtype:trojan-activity;sid:84322148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459049)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3459049/; classtype:trojan-activity;sid:84322149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459050)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3459050/; classtype:trojan-activity;sid:84322150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459038)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3459038/; classtype:trojan-activity;sid:84322138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459039)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3459039/; classtype:trojan-activity;sid:84322139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459040)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3459040/; classtype:trojan-activity;sid:84322140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459041)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3459041/; classtype:trojan-activity;sid:84322141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459042)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3459042/; classtype:trojan-activity;sid:84322142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459043)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3459043/; classtype:trojan-activity;sid:84322143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459044)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3459044/; classtype:trojan-activity;sid:84322144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459045)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3459045/; classtype:trojan-activity;sid:84322145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459046)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3459046/; classtype:trojan-activity;sid:84322146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.130.77.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3459034/; classtype:trojan-activity;sid:84322134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459028)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3459028/; classtype:trojan-activity;sid:84322128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.130.77.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458986/; classtype:trojan-activity;sid:84322086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458912)"; flow:established,from_client; content:"GET"; http_method; content:"/zxc.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458912/; classtype:trojan-activity;sid:84322012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458690)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458690/; classtype:trojan-activity;sid:84321790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458684)"; flow:established,from_client; content:"GET"; http_method; content:"/rppc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458684/; classtype:trojan-activity;sid:84321784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zermpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458687/; classtype:trojan-activity;sid:84321787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458681)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splarm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458681/; classtype:trojan-activity;sid:84321781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458683)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/n3881.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458683/; classtype:trojan-activity;sid:84321783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458678)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/karm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458678/; classtype:trojan-activity;sid:84321778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nfarc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458673/; classtype:trojan-activity;sid:84321773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerx86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458674/; classtype:trojan-activity;sid:84321774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458676)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458676/; classtype:trojan-activity;sid:84321776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458665)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklarm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458665/; classtype:trojan-activity;sid:84321765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458669)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklmips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458669/; classtype:trojan-activity;sid:84321769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458658)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklspc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458658/; classtype:trojan-activity;sid:84321758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458651)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklarm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458651/; classtype:trojan-activity;sid:84321751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458653)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splarm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458653/; classtype:trojan-activity;sid:84321753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458654)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zersh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458654/; classtype:trojan-activity;sid:84321754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458645)"; flow:established,from_client; content:"GET"; http_method; content:"/brr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458645/; classtype:trojan-activity;sid:84321745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458647)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bj"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458647/; classtype:trojan-activity;sid:84321747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458650)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458650/; classtype:trojan-activity;sid:84321750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458641)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tr"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458641/; classtype:trojan-activity;sid:84321741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458636)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458636/; classtype:trojan-activity;sid:84321736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458629)"; flow:established,from_client; content:"GET"; http_method; content:"/nshmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458629/; classtype:trojan-activity;sid:84321729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458631)"; flow:established,from_client; content:"GET"; http_method; content:"/nfmips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458631/; classtype:trojan-activity;sid:84321731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458619)"; flow:established,from_client; content:"GET"; http_method; content:"/kmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458619/; classtype:trojan-activity;sid:84321719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458620)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458620/; classtype:trojan-activity;sid:84321720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458627)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/klfarm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458627/; classtype:trojan-activity;sid:84321727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458615)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458615/; classtype:trojan-activity;sid:84321715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458616)"; flow:established,from_client; content:"GET"; http_method; content:"/nfarc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458616/; classtype:trojan-activity;sid:84321716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458617)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458617/; classtype:trojan-activity;sid:84321717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458609)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nfppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458609/; classtype:trojan-activity;sid:84321709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458614)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/klfmips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458614/; classtype:trojan-activity;sid:84321714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458603)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458603/; classtype:trojan-activity;sid:84321703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458607)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nfarm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458607/; classtype:trojan-activity;sid:84321707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458601)"; flow:established,from_client; content:"GET"; http_method; content:"/kx86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458601/; classtype:trojan-activity;sid:84321701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458592)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458592/; classtype:trojan-activity;sid:84321692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458593)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklarm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458593/; classtype:trojan-activity;sid:84321693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458595)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklsh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458595/; classtype:trojan-activity;sid:84321695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458596)"; flow:established,from_client; content:"GET"; http_method; content:"/karm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458596/; classtype:trojan-activity;sid:84321696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458590)"; flow:established,from_client; content:"GET"; http_method; content:"/rmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458590/; classtype:trojan-activity;sid:84321690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458580)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458580/; classtype:trojan-activity;sid:84321680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458581)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458581/; classtype:trojan-activity;sid:84321681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458582)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458582/; classtype:trojan-activity;sid:84321682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458583)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458583/; classtype:trojan-activity;sid:84321683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458586)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458586/; classtype:trojan-activity;sid:84321686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabspc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458577/; classtype:trojan-activity;sid:84321677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/klfsh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458568/; classtype:trojan-activity;sid:84321668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458570/; classtype:trojan-activity;sid:84321670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458565)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458565/; classtype:trojan-activity;sid:84321665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458567)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458567/; classtype:trojan-activity;sid:84321667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458559)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458559/; classtype:trojan-activity;sid:84321659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458552)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/karm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458552/; classtype:trojan-activity;sid:84321652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458537)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gig.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458537/; classtype:trojan-activity;sid:84321637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458541)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458541/; classtype:trojan-activity;sid:84321641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458543)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458543/; classtype:trojan-activity;sid:84321643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458545)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458545/; classtype:trojan-activity;sid:84321645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458546)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ztest"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458546/; classtype:trojan-activity;sid:84321646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458548)"; flow:established,from_client; content:"GET"; http_method; content:"/bj"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458548/; classtype:trojan-activity;sid:84321648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458535)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458535/; classtype:trojan-activity;sid:84321635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458528)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabarm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458528/; classtype:trojan-activity;sid:84321628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458529)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458529/; classtype:trojan-activity;sid:84321629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458530)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklarm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458530/; classtype:trojan-activity;sid:84321630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458516)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabmips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458516/; classtype:trojan-activity;sid:84321616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458519)"; flow:established,from_client; content:"GET"; http_method; content:"/nfsh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458519/; classtype:trojan-activity;sid:84321619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458522)"; flow:established,from_client; content:"GET"; http_method; content:"/ex"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458522/; classtype:trojan-activity;sid:84321622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458523)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458523/; classtype:trojan-activity;sid:84321623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458524)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458524/; classtype:trojan-activity;sid:84321624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458515)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklmpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458515/; classtype:trojan-activity;sid:84321615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458508)"; flow:established,from_client; content:"GET"; http_method; content:"/wop"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458508/; classtype:trojan-activity;sid:84321608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458509)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458509/; classtype:trojan-activity;sid:84321609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458501)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458501/; classtype:trojan-activity;sid:84321601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458502)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458502/; classtype:trojan-activity;sid:84321602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458503)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabm68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458503/; classtype:trojan-activity;sid:84321603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458504)"; flow:established,from_client; content:"GET"; http_method; content:"/rarc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458504/; classtype:trojan-activity;sid:84321604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458498)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458498/; classtype:trojan-activity;sid:84321598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458499)"; flow:established,from_client; content:"GET"; http_method; content:"/wert"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458499/; classtype:trojan-activity;sid:84321599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458488)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabarm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458488/; classtype:trojan-activity;sid:84321588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458490)"; flow:established,from_client; content:"GET"; http_method; content:"/rmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458490/; classtype:trojan-activity;sid:84321590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458492)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458492/; classtype:trojan-activity;sid:84321592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458484)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458484/; classtype:trojan-activity;sid:84321584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458476)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zxc.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458476/; classtype:trojan-activity;sid:84321576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458477)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rsh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458477/; classtype:trojan-activity;sid:84321577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458478)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nsharm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458478/; classtype:trojan-activity;sid:84321578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458480)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458480/; classtype:trojan-activity;sid:84321580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458482)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklarm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458482/; classtype:trojan-activity;sid:84321582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458483)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458483/; classtype:trojan-activity;sid:84321583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458466)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/klfppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458466/; classtype:trojan-activity;sid:84321566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458467)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabarc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458467/; classtype:trojan-activity;sid:84321567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458470)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458470/; classtype:trojan-activity;sid:84321570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458471)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerm68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458471/; classtype:trojan-activity;sid:84321571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458472)"; flow:established,from_client; content:"GET"; http_method; content:"/rx86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458472/; classtype:trojan-activity;sid:84321572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458473)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/klfarc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458473/; classtype:trojan-activity;sid:84321573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458463)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458463/; classtype:trojan-activity;sid:84321563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458458)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458458/; classtype:trojan-activity;sid:84321558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458459)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458459/; classtype:trojan-activity;sid:84321559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458446)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splspc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458446/; classtype:trojan-activity;sid:84321546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458447)"; flow:established,from_client; content:"GET"; http_method; content:"/nfarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458447/; classtype:trojan-activity;sid:84321547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458451)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kflarm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458451/; classtype:trojan-activity;sid:84321551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458453)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/klf86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458453/; classtype:trojan-activity;sid:84321553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458454)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458454/; classtype:trojan-activity;sid:84321554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458455)"; flow:established,from_client; content:"GET"; http_method; content:"/nfmpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458455/; classtype:trojan-activity;sid:84321555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458441)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pdvr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458441/; classtype:trojan-activity;sid:84321541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458436)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/klfmpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458436/; classtype:trojan-activity;sid:84321536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458439)"; flow:established,from_client; content:"GET"; http_method; content:"/karm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458439/; classtype:trojan-activity;sid:84321539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458423)"; flow:established,from_client; content:"GET"; http_method; content:"/chomp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458423/; classtype:trojan-activity;sid:84321523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458426)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rx86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458426/; classtype:trojan-activity;sid:84321526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458427)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458427/; classtype:trojan-activity;sid:84321527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458428)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kx86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458428/; classtype:trojan-activity;sid:84321528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458432)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458432/; classtype:trojan-activity;sid:84321532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458420)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458420/; classtype:trojan-activity;sid:84321520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458421)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabarm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458421/; classtype:trojan-activity;sid:84321521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458412)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458412/; classtype:trojan-activity;sid:84321512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rarm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458413/; classtype:trojan-activity;sid:84321513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458414)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458414/; classtype:trojan-activity;sid:84321514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458415)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458415/; classtype:trojan-activity;sid:84321515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rarm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458416/; classtype:trojan-activity;sid:84321516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ssh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458417/; classtype:trojan-activity;sid:84321517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458418)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458418/; classtype:trojan-activity;sid:84321518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklm68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458404/; classtype:trojan-activity;sid:84321504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458405)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458405/; classtype:trojan-activity;sid:84321505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wop"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458406/; classtype:trojan-activity;sid:84321506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458409)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458409/; classtype:trojan-activity;sid:84321509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458400)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458400/; classtype:trojan-activity;sid:84321500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklx86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458395/; classtype:trojan-activity;sid:84321495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458397)"; flow:established,from_client; content:"GET"; http_method; content:"/we"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458397/; classtype:trojan-activity;sid:84321497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458387)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splarm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458387/; classtype:trojan-activity;sid:84321487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458390)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458390/; classtype:trojan-activity;sid:84321490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458392)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458392/; classtype:trojan-activity;sid:84321492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458381)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ipc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458381/; classtype:trojan-activity;sid:84321481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458383)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458383/; classtype:trojan-activity;sid:84321483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458375)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerspc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458375/; classtype:trojan-activity;sid:84321475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458377)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458377/; classtype:trojan-activity;sid:84321477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458379)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splmpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458379/; classtype:trojan-activity;sid:84321479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458363)"; flow:established,from_client; content:"GET"; http_method; content:"/tr"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458363/; classtype:trojan-activity;sid:84321463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458366)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458366/; classtype:trojan-activity;sid:84321466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458373)"; flow:established,from_client; content:"GET"; http_method; content:"/rsh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458373/; classtype:trojan-activity;sid:84321473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458354)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458354/; classtype:trojan-activity;sid:84321454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458355)"; flow:established,from_client; content:"GET"; http_method; content:"/klfarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458355/; classtype:trojan-activity;sid:84321455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458356)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458356/; classtype:trojan-activity;sid:84321456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458357)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ah"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458357/; classtype:trojan-activity;sid:84321457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458359)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458359/; classtype:trojan-activity;sid:84321459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458361)"; flow:established,from_client; content:"GET"; http_method; content:"/ah"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458361/; classtype:trojan-activity;sid:84321461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458351)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458351/; classtype:trojan-activity;sid:84321451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458352)"; flow:established,from_client; content:"GET"; http_method; content:"/nsharm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458352/; classtype:trojan-activity;sid:84321452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458353)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458353/; classtype:trojan-activity;sid:84321453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458347)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklarm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458347/; classtype:trojan-activity;sid:84321447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458350)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458350/; classtype:trojan-activity;sid:84321450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458342)"; flow:established,from_client; content:"GET"; http_method; content:"/pdvr"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458342/; classtype:trojan-activity;sid:84321442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458333)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/chomp"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458333/; classtype:trojan-activity;sid:84321433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458338)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458338/; classtype:trojan-activity;sid:84321438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458331)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458331/; classtype:trojan-activity;sid:84321431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458315)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabmpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458315/; classtype:trojan-activity;sid:84321415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458316)"; flow:established,from_client; content:"GET"; http_method; content:"/kmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458316/; classtype:trojan-activity;sid:84321416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458319)"; flow:established,from_client; content:"GET"; http_method; content:"/buf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458319/; classtype:trojan-activity;sid:84321419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458320)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerarm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458320/; classtype:trojan-activity;sid:84321420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458321)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerarm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458321/; classtype:trojan-activity;sid:84321421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458322)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458322/; classtype:trojan-activity;sid:84321422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458324)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458324/; classtype:trojan-activity;sid:84321424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458313)"; flow:established,from_client; content:"GET"; http_method; content:"/nfarm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458313/; classtype:trojan-activity;sid:84321413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458314)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458314/; classtype:trojan-activity;sid:84321414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458310)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458310/; classtype:trojan-activity;sid:84321410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458300)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458300/; classtype:trojan-activity;sid:84321400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458302)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/buf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458302/; classtype:trojan-activity;sid:84321402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458287)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458287/; classtype:trojan-activity;sid:84321387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458289)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/klfarm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458289/; classtype:trojan-activity;sid:84321389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458290)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklm68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458290/; classtype:trojan-activity;sid:84321390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458292)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458292/; classtype:trojan-activity;sid:84321392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458298)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/brr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458298/; classtype:trojan-activity;sid:84321398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458285)"; flow:established,from_client; content:"GET"; http_method; content:"/klfarc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458285/; classtype:trojan-activity;sid:84321385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458277)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/karm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458277/; classtype:trojan-activity;sid:84321377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458258)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklx86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458258/; classtype:trojan-activity;sid:84321358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458260)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458260/; classtype:trojan-activity;sid:84321360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458263)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nfmpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458263/; classtype:trojan-activity;sid:84321363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458265)"; flow:established,from_client; content:"GET"; http_method; content:"/rarm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458265/; classtype:trojan-activity;sid:84321365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458266)"; flow:established,from_client; content:"GET"; http_method; content:"/klfmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458266/; classtype:trojan-activity;sid:84321366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458268)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458268/; classtype:trojan-activity;sid:84321368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458269)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ex"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458269/; classtype:trojan-activity;sid:84321369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458233)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458233/; classtype:trojan-activity;sid:84321333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458234)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nshmips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458234/; classtype:trojan-activity;sid:84321334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458235)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458235/; classtype:trojan-activity;sid:84321335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458237)"; flow:established,from_client; content:"GET"; http_method; content:"/kflarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458237/; classtype:trojan-activity;sid:84321337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458243)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458243/; classtype:trojan-activity;sid:84321343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458249)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zerarm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458249/; classtype:trojan-activity;sid:84321349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458253)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458253/; classtype:trojan-activity;sid:84321353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458225)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklarm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458225/; classtype:trojan-activity;sid:84321325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458226)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nklmpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458226/; classtype:trojan-activity;sid:84321326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458229)"; flow:established,from_client; content:"GET"; http_method; content:"/nfx86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458229/; classtype:trojan-activity;sid:84321329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458231)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458231/; classtype:trojan-activity;sid:84321331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458193)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zermips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458193/; classtype:trojan-activity;sid:84321293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458195)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nabx86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458195/; classtype:trojan-activity;sid:84321295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458196)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458196/; classtype:trojan-activity;sid:84321296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458197)"; flow:established,from_client; content:"GET"; http_method; content:"/irn"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458197/; classtype:trojan-activity;sid:84321297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458198)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jklarm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458198/; classtype:trojan-activity;sid:84321298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458203)"; flow:established,from_client; content:"GET"; http_method; content:"/splm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458203/; classtype:trojan-activity;sid:84321303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458208)"; flow:established,from_client; content:"GET"; http_method; content:"/nfppc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458208/; classtype:trojan-activity;sid:84321308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458209)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458209/; classtype:trojan-activity;sid:84321309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458211)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458211/; classtype:trojan-activity;sid:84321311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458212)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458212/; classtype:trojan-activity;sid:84321312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458213)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458213/; classtype:trojan-activity;sid:84321313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458217)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/irn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458217/; classtype:trojan-activity;sid:84321317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458221)"; flow:established,from_client; content:"GET"; http_method; content:"/rarm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458221/; classtype:trojan-activity;sid:84321321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458223)"; flow:established,from_client; content:"GET"; http_method; content:"/klfarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458223/; classtype:trojan-activity;sid:84321323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458224)"; flow:established,from_client; content:"GET"; http_method; content:"/ztest"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.19.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458224/; classtype:trojan-activity;sid:84321324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.218.56.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458150/; classtype:trojan-activity;sid:84321250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.118.180.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458147/; classtype:trojan-activity;sid:84321247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.30.246.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458145/; classtype:trojan-activity;sid:84321245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458099)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.30.154.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458099/; classtype:trojan-activity;sid:84321199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458100)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.30.154.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458100/; classtype:trojan-activity;sid:84321200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458101)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.46.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458101/; classtype:trojan-activity;sid:84321201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458093)"; flow:established,from_client; content:"GET"; http_method; content:"/win32/panel/uploads/uboldotxucv.mp4"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"196.251.71.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458093/; classtype:trojan-activity;sid:84321193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458065)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.93.33.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458065/; classtype:trojan-activity;sid:84321165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458073)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.122.1.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458073/; classtype:trojan-activity;sid:84321173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458074)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.27.241.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458074/; classtype:trojan-activity;sid:84321174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458075)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.222.122.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458075/; classtype:trojan-activity;sid:84321175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458040)"; flow:established,from_client; content:"GET"; http_method; content:"/kyc/gdmxewiusnd174.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458040/; classtype:trojan-activity;sid:84321140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3458038)"; flow:established,from_client; content:"GET"; http_method; content:"/kyc/awtfj88.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3458038/; classtype:trojan-activity;sid:84321138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3453086)"; flow:established,from_client; content:"GET"; http_method; content:"/scan/spirit.tgz"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.73.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3453086/; classtype:trojan-activity;sid:84316186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3453055)"; flow:established,from_client; content:"GET"; http_method; content:"/cet/aduna"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3453055/; classtype:trojan-activity;sid:84316155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452906)"; flow:established,from_client; content:"GET"; http_method; content:"/ten/silikatet.java"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"alephmim.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3452906/; classtype:trojan-activity;sid:84316006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452775)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3452775/; classtype:trojan-activity;sid:84315875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452754)"; flow:established,from_client; content:"GET"; http_method; content:"/3.bin"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"154.198.49.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3452754/; classtype:trojan-activity;sid:84315854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452753)"; flow:established,from_client; content:"GET"; http_method; content:"/2.bin"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"154.198.49.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3452753/; classtype:trojan-activity;sid:84315853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452749)"; flow:established,from_client; content:"GET"; http_method; content:"/dll2.dll"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.198.49.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3452749/; classtype:trojan-activity;sid:84315849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.139.188.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_26; reference:url, urlhaus.abuse.ch/url/3452696/; classtype:trojan-activity;sid:84315796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.140.237.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452248/; classtype:trojan-activity;sid:84315348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.238.205.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452241/; classtype:trojan-activity;sid:84315341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.117.39.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452236/; classtype:trojan-activity;sid:84315336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452202)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.46.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452202/; classtype:trojan-activity;sid:84315302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452200)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.62.202.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452200/; classtype:trojan-activity;sid:84315300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452050)"; flow:established,from_client; content:"GET"; http_method; content:"/files/martin2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452050/; classtype:trojan-activity;sid:84315150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452044)"; flow:established,from_client; content:"GET"; http_method; content:"/luma/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452044/; classtype:trojan-activity;sid:84315144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452046)"; flow:established,from_client; content:"GET"; http_method; content:"/files/teamex_support/random.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452046/; classtype:trojan-activity;sid:84315146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452040)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452040/; classtype:trojan-activity;sid:84315140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452038)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452038/; classtype:trojan-activity;sid:84315138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452039)"; flow:established,from_client; content:"GET"; http_method; content:"/off/random.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452039/; classtype:trojan-activity;sid:84315139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452034)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fate/random.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452034/; classtype:trojan-activity;sid:84315134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451985)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/a147182cc7fab317ca1d96d380f536cb/skidmore1987.pdf"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3451985/; classtype:trojan-activity;sid:84315085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451909)"; flow:established,from_client; content:"GET"; http_method; content:"/akp/jiadlpjgldlfhz94.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"alephmim.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3451909/; classtype:trojan-activity;sid:84315009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451907)"; flow:established,from_client; content:"GET"; http_method; content:"/akp/kabelfringernes.mdp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"alephmim.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3451907/; classtype:trojan-activity;sid:84315007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451883)"; flow:established,from_client; content:"GET"; http_method; content:"/ivomuphxhfnfqyvnpxswex207.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"esgroupnet.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3451883/; classtype:trojan-activity;sid:84314983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451869)"; flow:established,from_client; content:"GET"; http_method; content:"/po/sandskkens.msi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ooriginalused.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3451869/; classtype:trojan-activity;sid:84314969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.67.62.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3451796/; classtype:trojan-activity;sid:84314896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.67.62.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_24; reference:url, urlhaus.abuse.ch/url/3451362/; classtype:trojan-activity;sid:84314462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.208.204.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_24; reference:url, urlhaus.abuse.ch/url/3451260/; classtype:trojan-activity;sid:84314360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451156)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.x64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"expay.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_02_24; reference:url, urlhaus.abuse.ch/url/3451156/; classtype:trojan-activity;sid:84314256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.236.132.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_24; reference:url, urlhaus.abuse.ch/url/3451116/; classtype:trojan-activity;sid:84314216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450855)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.nn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_24; reference:url, urlhaus.abuse.ch/url/3450855/; classtype:trojan-activity;sid:84313955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450858)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.nn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_24; reference:url, urlhaus.abuse.ch/url/3450858/; classtype:trojan-activity;sid:84313958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450181)"; flow:established,from_client; content:"GET"; http_method; content:"/js.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.7.214.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450181/; classtype:trojan-activity;sid:84313281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450179)"; flow:established,from_client; content:"GET"; http_method; content:"/d.mp4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.7.214.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450179/; classtype:trojan-activity;sid:84313279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450180)"; flow:established,from_client; content:"GET"; http_method; content:"/c.mp4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.7.214.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450180/; classtype:trojan-activity;sid:84313280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450177)"; flow:established,from_client; content:"GET"; http_method; content:"/cmd2.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.7.214.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450177/; classtype:trojan-activity;sid:84313277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450147)"; flow:established,from_client; content:"GET"; http_method; content:"/loveryajenja/lwafmwoafmw11/raw/refs/heads/main/install.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450147/; classtype:trojan-activity;sid:84313247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450048)"; flow:established,from_client; content:"GET"; http_method; content:"/continue/45.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.benshamcentre.co.uk"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450048/; classtype:trojan-activity;sid:84313148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.32.254.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3449989/; classtype:trojan-activity;sid:84313089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.248.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3449986/; classtype:trojan-activity;sid:84313086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449954)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.237.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3449954/; classtype:trojan-activity;sid:84313054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449955)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.162.206.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3449955/; classtype:trojan-activity;sid:84313055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449957)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.162.206.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3449957/; classtype:trojan-activity;sid:84313057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.66.14.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3449437/; classtype:trojan-activity;sid:84312537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.66.14.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3449426/; classtype:trojan-activity;sid:84312526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.225.231.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3449132/; classtype:trojan-activity;sid:84312232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.6.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3449131/; classtype:trojan-activity;sid:84312231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.147.40.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3449125/; classtype:trojan-activity;sid:84312225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448991)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.220.217.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448991/; classtype:trojan-activity;sid:84312091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448961)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.18.190.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448961/; classtype:trojan-activity;sid:84312061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448951)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.237.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448951/; classtype:trojan-activity;sid:84312051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448948)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.237.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448948/; classtype:trojan-activity;sid:84312048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448947)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.74.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448947/; classtype:trojan-activity;sid:84312047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.236.133.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448910/; classtype:trojan-activity;sid:84312010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.124.115.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448902/; classtype:trojan-activity;sid:84312002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.156.207.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448906/; classtype:trojan-activity;sid:84312006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.200.142.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448901/; classtype:trojan-activity;sid:84312001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"50.217.49.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448898/; classtype:trojan-activity;sid:84311998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448808)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.188.254.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448808/; classtype:trojan-activity;sid:84311908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.83.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448777/; classtype:trojan-activity;sid:84311877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448676)"; flow:established,from_client; content:"GET"; http_method; content:"/gamingdued123/ueukfi/main/clientside.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448676/; classtype:trojan-activity;sid:84311776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448673)"; flow:established,from_client; content:"GET"; http_method; content:"/barhom1/brobr/raw/main/windowsservices.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448673/; classtype:trojan-activity;sid:84311773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448674)"; flow:established,from_client; content:"GET"; http_method; content:"/kostyosthesystem/ratnik/refs/heads/main/ratnik.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448674/; classtype:trojan-activity;sid:84311774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448431)"; flow:established,from_client; content:"GET"; http_method; content:"/ifhfsyzznvzlyi163.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"204.10.160.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448431/; classtype:trojan-activity;sid:84311531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.148.245.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448370/; classtype:trojan-activity;sid:84311470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.148.245.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448346/; classtype:trojan-activity;sid:84311446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448282)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.100.232.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448282/; classtype:trojan-activity;sid:84311382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448167)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/a4a27c4e516fb1d80cd91f413c7599f3/soravit2012.pdf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448167/; classtype:trojan-activity;sid:84311267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447988)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"js.telega.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447988/; classtype:trojan-activity;sid:84311088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447989)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"js.telega.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447989/; classtype:trojan-activity;sid:84311089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447990)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"js.telega.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447990/; classtype:trojan-activity;sid:84311090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447987)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"js.telega.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447987/; classtype:trojan-activity;sid:84311087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447980)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"js.telega.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447980/; classtype:trojan-activity;sid:84311080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447981)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"js.telega.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447981/; classtype:trojan-activity;sid:84311081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447982)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"js.telega.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447982/; classtype:trojan-activity;sid:84311082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447983)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"js.telega.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447983/; classtype:trojan-activity;sid:84311083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447984)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"js.telega.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447984/; classtype:trojan-activity;sid:84311084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447985)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"js.telega.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447985/; classtype:trojan-activity;sid:84311085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447986)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"js.telega.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447986/; classtype:trojan-activity;sid:84311086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447966)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.117.120.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447966/; classtype:trojan-activity;sid:84311066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447967)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.117.120.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447967/; classtype:trojan-activity;sid:84311067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447968)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.117.120.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447968/; classtype:trojan-activity;sid:84311068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447969)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.117.120.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447969/; classtype:trojan-activity;sid:84311069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447970)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.117.120.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447970/; classtype:trojan-activity;sid:84311070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447971)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.117.120.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447971/; classtype:trojan-activity;sid:84311071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447972)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.117.120.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447972/; classtype:trojan-activity;sid:84311072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447973)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.117.120.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447973/; classtype:trojan-activity;sid:84311073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447974)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.117.120.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447974/; classtype:trojan-activity;sid:84311074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447975)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.117.120.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447975/; classtype:trojan-activity;sid:84311075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447976)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.117.120.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447976/; classtype:trojan-activity;sid:84311076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447891)"; flow:established,from_client; content:"GET"; http_method; content:"/test_2025/test_20_02"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"88.151.192.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447891/; classtype:trojan-activity;sid:84310991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447807)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.105.31.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447807/; classtype:trojan-activity;sid:84310907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447795)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.222.82.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447795/; classtype:trojan-activity;sid:84310895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447802)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.153.76.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447802/; classtype:trojan-activity;sid:84310902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447711)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kre4per.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"84.200.24.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447711/; classtype:trojan-activity;sid:84310811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447702)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kre4per.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"84.200.24.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447702/; classtype:trojan-activity;sid:84310802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447703)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kre4per.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"84.200.24.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447703/; classtype:trojan-activity;sid:84310803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447704)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kre4per.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"84.200.24.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447704/; classtype:trojan-activity;sid:84310804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447705)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kre4per.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"84.200.24.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447705/; classtype:trojan-activity;sid:84310805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447706)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kre4per.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"84.200.24.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447706/; classtype:trojan-activity;sid:84310806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447707)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kre4per.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"84.200.24.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447707/; classtype:trojan-activity;sid:84310807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447708)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kre4per.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"84.200.24.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447708/; classtype:trojan-activity;sid:84310808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447709)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kre4per.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"84.200.24.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447709/; classtype:trojan-activity;sid:84310809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447710)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kre4per.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"84.200.24.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447710/; classtype:trojan-activity;sid:84310810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447700)"; flow:established,from_client; content:"GET"; http_method; content:"/pe.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.200.24.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447700/; classtype:trojan-activity;sid:84310800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447701)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kre4per.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"84.200.24.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447701/; classtype:trojan-activity;sid:84310801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kre4per.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"84.200.24.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447697/; classtype:trojan-activity;sid:84310797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447698)"; flow:established,from_client; content:"GET"; http_method; content:"/meta.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"84.200.24.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447698/; classtype:trojan-activity;sid:84310798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447699)"; flow:established,from_client; content:"GET"; http_method; content:"/kraapje.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"84.200.24.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447699/; classtype:trojan-activity;sid:84310799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64le"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447679/; classtype:trojan-activity;sid:84310779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.87.42.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447681/; classtype:trojan-activity;sid:84310781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447670)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.i586"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447670/; classtype:trojan-activity;sid:84310770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447671)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arm8x64_be"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447671/; classtype:trojan-activity;sid:84310771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447672)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447672/; classtype:trojan-activity;sid:84310772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arm8x64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447673/; classtype:trojan-activity;sid:84310773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mipsle"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447674/; classtype:trojan-activity;sid:84310774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447675/; classtype:trojan-activity;sid:84310775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447676/; classtype:trojan-activity;sid:84310776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.x64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447677/; classtype:trojan-activity;sid:84310777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447651)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"161.43.196.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447651/; classtype:trojan-activity;sid:84310751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447471)"; flow:established,from_client; content:"GET"; http_method; content:"/blackshell256/null-amsi/refs/heads/main/invoke-nullamsi.ps1"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447471/; classtype:trojan-activity;sid:84310571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447458)"; flow:established,from_client; content:"GET"; http_method; content:"/sena1.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447458/; classtype:trojan-activity;sid:84310558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447456)"; flow:established,from_client; content:"GET"; http_method; content:"/manga1.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447456/; classtype:trojan-activity;sid:84310556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447457)"; flow:established,from_client; content:"GET"; http_method; content:"/colheita1.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447457/; classtype:trojan-activity;sid:84310557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447444)"; flow:established,from_client; content:"GET"; http_method; content:"/imnddhs/rainbow.jpg"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"parmisbuilding.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447444/; classtype:trojan-activity;sid:84310544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447421)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.44.238.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447421/; classtype:trojan-activity;sid:84310521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.53.106.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3446923/; classtype:trojan-activity;sid:84310023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.53.106.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446902/; classtype:trojan-activity;sid:84310002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"8.28.106.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446707/; classtype:trojan-activity;sid:84309807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446661)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446661/; classtype:trojan-activity;sid:84309761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446659)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.46.19.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446659/; classtype:trojan-activity;sid:84309759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446660)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446660/; classtype:trojan-activity;sid:84309760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446657)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446657/; classtype:trojan-activity;sid:84309757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446653)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446653/; classtype:trojan-activity;sid:84309753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446652)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.46.19.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446652/; classtype:trojan-activity;sid:84309752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446649)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446649/; classtype:trojan-activity;sid:84309749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446650)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.46.19.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446650/; classtype:trojan-activity;sid:84309750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446644)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.133.72.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446644/; classtype:trojan-activity;sid:84309744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446647)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"183.30.204.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446647/; classtype:trojan-activity;sid:84309747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446643)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.46.19.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446643/; classtype:trojan-activity;sid:84309743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446639)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.46.19.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446639/; classtype:trojan-activity;sid:84309739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446640)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.46.19.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446640/; classtype:trojan-activity;sid:84309740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446631)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446631/; classtype:trojan-activity;sid:84309731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446627)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446627/; classtype:trojan-activity;sid:84309727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446629)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.30.204.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446629/; classtype:trojan-activity;sid:84309729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"8.28.106.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446614/; classtype:trojan-activity;sid:84309714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446449)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.206.188.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446449/; classtype:trojan-activity;sid:84309549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.125.45.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446424/; classtype:trojan-activity;sid:84309524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.26.216.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446418/; classtype:trojan-activity;sid:84309518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.10.57.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446411/; classtype:trojan-activity;sid:84309511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.44.75.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446416/; classtype:trojan-activity;sid:84309516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.180.176.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446406/; classtype:trojan-activity;sid:84309506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446372)"; flow:established,from_client; content:"GET"; http_method; content:"/sys.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.145.227.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446372/; classtype:trojan-activity;sid:84309472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446262)"; flow:established,from_client; content:"GET"; http_method; content:"/win32/panel/uploads/dyenntjr.mp3"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.71.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446262/; classtype:trojan-activity;sid:84309362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446260)"; flow:established,from_client; content:"GET"; http_method; content:"/win32/1.rar"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"196.251.71.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446260/; classtype:trojan-activity;sid:84309360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446258)"; flow:established,from_client; content:"GET"; http_method; content:"/win32/ktqorg.wav"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.71.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446258/; classtype:trojan-activity;sid:84309358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446259)"; flow:established,from_client; content:"GET"; http_method; content:"/win32/ckjjsmybs.vdf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.71.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446259/; classtype:trojan-activity;sid:84309359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445991)"; flow:established,from_client; content:"GET"; http_method; content:"/aromatchebuyrkos/chekingbebra/refs/heads/main/neverrrrrrrrr.txt"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3445991/; classtype:trojan-activity;sid:84309091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445854)"; flow:established,from_client; content:"GET"; http_method; content:"/coracion1.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vaamsmgfreocmroe-1342087530.cos.sa-saopaulo.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3445854/; classtype:trojan-activity;sid:84308954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.177.223.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445482/; classtype:trojan-activity;sid:84308582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445431)"; flow:established,from_client; content:"GET"; http_method; content:"/data/df4a3196-accc-423a-a43b-6768f1aafd3e.pdf"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"hotelembuguacu.blob.core.windows.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445431/; classtype:trojan-activity;sid:84308531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445438)"; flow:established,from_client; content:"GET"; http_method; content:"/data/f6416fd0-71f3-45de-8c79-3d0e7281f124.pdf"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"hotelembuguacu.blob.core.windows.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445438/; classtype:trojan-activity;sid:84308538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445410)"; flow:established,from_client; content:"GET"; http_method; content:"/nc.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.60.165.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445410/; classtype:trojan-activity;sid:84308510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445408)"; flow:established,from_client; content:"GET"; http_method; content:"/pics.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"212.57.37.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445408/; classtype:trojan-activity;sid:84308508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445409)"; flow:established,from_client; content:"GET"; http_method; content:"/nc.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.57.37.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445409/; classtype:trojan-activity;sid:84308509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445404)"; flow:established,from_client; content:"GET"; http_method; content:"/fc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.188.254.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445404/; classtype:trojan-activity;sid:84308504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445405)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.188.254.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445405/; classtype:trojan-activity;sid:84308505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.177.223.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445389/; classtype:trojan-activity;sid:84308489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445322)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2025/02/1framework.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"casalomaminca.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445322/; classtype:trojan-activity;sid:84308422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.91.204.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445302/; classtype:trojan-activity;sid:84308402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445287)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.118.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445287/; classtype:trojan-activity;sid:84308387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444519)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444519/; classtype:trojan-activity;sid:84307619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444509)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444509/; classtype:trojan-activity;sid:84307609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444510)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444510/; classtype:trojan-activity;sid:84307610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444511)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444511/; classtype:trojan-activity;sid:84307611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444512)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444512/; classtype:trojan-activity;sid:84307612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444513)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444513/; classtype:trojan-activity;sid:84307613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444514)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444514/; classtype:trojan-activity;sid:84307614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444515)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444515/; classtype:trojan-activity;sid:84307615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444516)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444516/; classtype:trojan-activity;sid:84307616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444517)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444517/; classtype:trojan-activity;sid:84307617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444518)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444518/; classtype:trojan-activity;sid:84307618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444508)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444508/; classtype:trojan-activity;sid:84307608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444506)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444506/; classtype:trojan-activity;sid:84307606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444507)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/refs/heads/main/d.msi"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444507/; classtype:trojan-activity;sid:84307607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444325)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.105.211.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444325/; classtype:trojan-activity;sid:84307425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444326)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.115.236.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444326/; classtype:trojan-activity;sid:84307426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.93.19.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444317/; classtype:trojan-activity;sid:84307417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.18.28.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444304/; classtype:trojan-activity;sid:84307404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.225.231.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444293/; classtype:trojan-activity;sid:84307393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.225.231.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444296/; classtype:trojan-activity;sid:84307396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.234.124.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444292/; classtype:trojan-activity;sid:84307392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444279)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.206.188.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444279/; classtype:trojan-activity;sid:84307379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444268)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice4231284.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"turkey-ivf.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444268/; classtype:trojan-activity;sid:84307368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444267)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/raw/refs/heads/main/d.msi"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444267/; classtype:trojan-activity;sid:84307367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443865)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/header-footer-code-manager/images/testlab.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"www.littlemoroccanthings.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3443865/; classtype:trojan-activity;sid:84306965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443834)"; flow:established,from_client; content:"GET"; http_method; content:"/yu58kf6d8gt6jyy"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3443834/; classtype:trojan-activity;sid:84306934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443833)"; flow:established,from_client; content:"GET"; http_method; content:"/opcxmersq63"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3443833/; classtype:trojan-activity;sid:84306933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443832)"; flow:established,from_client; content:"GET"; http_method; content:"/pgmrifgd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3443832/; classtype:trojan-activity;sid:84306932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443831)"; flow:established,from_client; content:"GET"; http_method; content:"/okfgjrg5d8gt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3443831/; classtype:trojan-activity;sid:84306931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443830)"; flow:established,from_client; content:"GET"; http_method; content:"/iigorzerf4f10"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3443830/; classtype:trojan-activity;sid:84306930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443829)"; flow:established,from_client; content:"GET"; http_method; content:"/jhiuhe2rg7tds"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3443829/; classtype:trojan-activity;sid:84306929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443427)"; flow:established,from_client; content:"GET"; http_method; content:"/cmd.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.7.214.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443427/; classtype:trojan-activity;sid:84306527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.166.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443417/; classtype:trojan-activity;sid:84306517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443410)"; flow:established,from_client; content:"GET"; http_method; content:"/hkuu/down.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hkuu.oss-cn-hongkong.aliyuncs.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443410/; classtype:trojan-activity;sid:84306510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443409)"; flow:established,from_client; content:"GET"; http_method; content:"/hkuu/taslogin.log"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hkuu.oss-cn-hongkong.aliyuncs.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443409/; classtype:trojan-activity;sid:84306509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443408)"; flow:established,from_client; content:"GET"; http_method; content:"/hkuu/tasloginbase.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"hkuu.oss-cn-hongkong.aliyuncs.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443408/; classtype:trojan-activity;sid:84306508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443355)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.248.3.202.ll.sta.mana.pf"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443355/; classtype:trojan-activity;sid:84306455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443354)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.248.3.202.ll.sta.mana.pf"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443354/; classtype:trojan-activity;sid:84306454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443351)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"multiservicepitstra.direct.quickconnect.to"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443351/; classtype:trojan-activity;sid:84306451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443353)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99-118-215-24.lightspeed.irvnca.sbcglobal.net"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443353/; classtype:trojan-activity;sid:84306453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443350)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"host-95-230-215-65.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443350/; classtype:trojan-activity;sid:84306450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443347)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178-84-167-164.dynamic.upc.nl"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443347/; classtype:trojan-activity;sid:84306447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.159.152.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443221/; classtype:trojan-activity;sid:84306321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.108.132.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443217/; classtype:trojan-activity;sid:84306317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443201)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.119.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443201/; classtype:trojan-activity;sid:84306301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443193)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"172.250.238.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443193/; classtype:trojan-activity;sid:84306293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443191)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.132.70.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443191/; classtype:trojan-activity;sid:84306291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443152)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"61.7.209.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443152/; classtype:trojan-activity;sid:84306252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443151)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mpsl"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"61.7.209.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443151/; classtype:trojan-activity;sid:84306251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443146)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.spc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"61.7.209.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443146/; classtype:trojan-activity;sid:84306246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443147)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.sh4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"61.7.209.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443147/; classtype:trojan-activity;sid:84306247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443148)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.m68k"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"61.7.209.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443148/; classtype:trojan-activity;sid:84306248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443149)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.ppc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"61.7.209.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443149/; classtype:trojan-activity;sid:84306249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443150)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"61.7.209.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443150/; classtype:trojan-activity;sid:84306250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443139)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.7.209.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443139/; classtype:trojan-activity;sid:84306239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443140)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm5"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"61.7.209.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443140/; classtype:trojan-activity;sid:84306240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443141)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm6"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"61.7.209.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443141/; classtype:trojan-activity;sid:84306241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443142)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.i686"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"61.7.209.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443142/; classtype:trojan-activity;sid:84306242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443143)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86_64"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"61.7.209.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443143/; classtype:trojan-activity;sid:84306243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443144)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm7"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"61.7.209.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443144/; classtype:trojan-activity;sid:84306244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443145)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mips"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"61.7.209.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443145/; classtype:trojan-activity;sid:84306245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443129)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"61.7.209.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443129/; classtype:trojan-activity;sid:84306229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442945)"; flow:established,from_client; content:"GET"; http_method; content:"/vmmanagedsetup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.147.124.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442945/; classtype:trojan-activity;sid:84306045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.96.184.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442887/; classtype:trojan-activity;sid:84305987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.96.184.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442874/; classtype:trojan-activity;sid:84305974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442712)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/cabalmain.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442712/; classtype:trojan-activity;sid:84305812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442703)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/update.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442703/; classtype:trojan-activity;sid:84305803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442701)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/cabal.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442701/; classtype:trojan-activity;sid:84305801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442616)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/cabalmain.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442616/; classtype:trojan-activity;sid:84305716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442259)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit.class"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"123.56.43.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442259/; classtype:trojan-activity;sid:84305359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442232)"; flow:established,from_client; content:"GET"; http_method; content:"/build.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.211.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442232/; classtype:trojan-activity;sid:84305332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442233)"; flow:established,from_client; content:"GET"; http_method; content:"/build.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.146.202.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442233/; classtype:trojan-activity;sid:84305333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442198)"; flow:established,from_client; content:"GET"; http_method; content:"/xxxx"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442198/; classtype:trojan-activity;sid:84305298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442196)"; flow:established,from_client; content:"GET"; http_method; content:"/ffff"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442196/; classtype:trojan-activity;sid:84305296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442197)"; flow:established,from_client; content:"GET"; http_method; content:"/asdf"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442197/; classtype:trojan-activity;sid:84305297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442195)"; flow:established,from_client; content:"GET"; http_method; content:"/libmod_hellocpp_42.so"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442195/; classtype:trojan-activity;sid:84305295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442180)"; flow:established,from_client; content:"GET"; http_method; content:"/well_comportment"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.3.23.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442180/; classtype:trojan-activity;sid:84305280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442091)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/c8ab945ac1a0ab1d3c22616f6babff1a/sorahan1984.pdf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442091/; classtype:trojan-activity;sid:84305191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442048)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"147.45.44.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442048/; classtype:trojan-activity;sid:84305148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442044)"; flow:established,from_client; content:"GET"; http_method; content:"/5.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"147.45.44.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442044/; classtype:trojan-activity;sid:84305144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442045)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"147.45.44.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442045/; classtype:trojan-activity;sid:84305145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442046)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"147.45.44.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442046/; classtype:trojan-activity;sid:84305146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442047)"; flow:established,from_client; content:"GET"; http_method; content:"/4.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"147.45.44.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442047/; classtype:trojan-activity;sid:84305147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442038)"; flow:established,from_client; content:"GET"; http_method; content:"/confirm.com/captcha"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"62.133.60.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442038/; classtype:trojan-activity;sid:84305138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442039)"; flow:established,from_client; content:"GET"; http_method; content:"/confirmp.com/capcha"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"62.133.60.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442039/; classtype:trojan-activity;sid:84305139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442036)"; flow:established,from_client; content:"GET"; http_method; content:"/d4d2371e5d59adc0c95dea0e303b6db3/updates/aptsnsb/apt-snort-sb.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"antiapt.kaspersky-labs.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442036/; classtype:trojan-activity;sid:84305136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441997)"; flow:established,from_client; content:"GET"; http_method; content:"/sb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.229.228.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441997/; classtype:trojan-activity;sid:84305097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441998)"; flow:established,from_client; content:"GET"; http_method; content:"/cb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.229.228.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441998/; classtype:trojan-activity;sid:84305098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441999)"; flow:established,from_client; content:"GET"; http_method; content:"/cl"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.229.228.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441999/; classtype:trojan-activity;sid:84305099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442000)"; flow:established,from_client; content:"GET"; http_method; content:"/sl"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.229.228.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442000/; classtype:trojan-activity;sid:84305100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441890)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.122.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441890/; classtype:trojan-activity;sid:84304990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441883)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.30.150.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441883/; classtype:trojan-activity;sid:84304983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.68.233.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441871/; classtype:trojan-activity;sid:84304971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.200.25.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441868/; classtype:trojan-activity;sid:84304968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.194.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441869/; classtype:trojan-activity;sid:84304969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441864/; classtype:trojan-activity;sid:84304964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.26.61.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441862/; classtype:trojan-activity;sid:84304962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441724)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/cabal.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441724/; classtype:trojan-activity;sid:84304824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441690)"; flow:established,from_client; content:"GET"; http_method; content:"/s"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441690/; classtype:trojan-activity;sid:84304790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441691)"; flow:established,from_client; content:"GET"; http_method; content:"/n"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441691/; classtype:trojan-activity;sid:84304791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441238)"; flow:established,from_client; content:"GET"; http_method; content:"/main1220/main1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"88.151.192.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441238/; classtype:trojan-activity;sid:84304338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.225.231.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3441076/; classtype:trojan-activity;sid:84304176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440974)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l/rls"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440974/; classtype:trojan-activity;sid:84304074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440971)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64/rls"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440971/; classtype:trojan-activity;sid:84304071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440972)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64/rld"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440972/; classtype:trojan-activity;sid:84304072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440969)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l/kthreadrm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440969/; classtype:trojan-activity;sid:84304069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440970)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64/kthreadrm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440970/; classtype:trojan-activity;sid:84304070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440930)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440930/; classtype:trojan-activity;sid:84304030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440931)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440931/; classtype:trojan-activity;sid:84304031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440932)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440932/; classtype:trojan-activity;sid:84304032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440934)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440934/; classtype:trojan-activity;sid:84304034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"152.231.66.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440611/; classtype:trojan-activity;sid:84303711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440185)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.168.9.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440185/; classtype:trojan-activity;sid:84303285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439985)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.46.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439985/; classtype:trojan-activity;sid:84303085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.134.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439971/; classtype:trojan-activity;sid:84303071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.157.155.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439956/; classtype:trojan-activity;sid:84303056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.24.142.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439964/; classtype:trojan-activity;sid:84303064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.129.186.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439953/; classtype:trojan-activity;sid:84303053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.163.69.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439951/; classtype:trojan-activity;sid:84303051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439829)"; flow:established,from_client; content:"GET"; http_method; content:"/umbrella/"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"acusense.ae"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439829/; classtype:trojan-activity;sid:84302929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439496)"; flow:established,from_client; content:"GET"; http_method; content:"/di0her478/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439496/; classtype:trojan-activity;sid:84302596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439495)"; flow:established,from_client; content:"GET"; http_method; content:"/di0her478/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439495/; classtype:trojan-activity;sid:84302595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439487)"; flow:established,from_client; content:"GET"; http_method; content:"/di0her478/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439487/; classtype:trojan-activity;sid:84302587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439479)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.26.61.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439479/; classtype:trojan-activity;sid:84302579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439088)"; flow:established,from_client; content:"GET"; http_method; content:"/6107/8404c3d00d8aee946bdf1c140c904799/sorandaru2016.pdf"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439088/; classtype:trojan-activity;sid:84302188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439032)"; flow:established,from_client; content:"GET"; http_method; content:"/tronlink.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"app-store.s3.cn-north-1.jdcloud-oss.com"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439032/; classtype:trojan-activity;sid:84302132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.207.64.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439026/; classtype:trojan-activity;sid:84302126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.215.188.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438828/; classtype:trojan-activity;sid:84301928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.215.188.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438817/; classtype:trojan-activity;sid:84301917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438629)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.154.18.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438629/; classtype:trojan-activity;sid:84301729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438596)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.53.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438596/; classtype:trojan-activity;sid:84301696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438591)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438591/; classtype:trojan-activity;sid:84301691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438594)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438594/; classtype:trojan-activity;sid:84301694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438595)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.53.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438595/; classtype:trojan-activity;sid:84301695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.9.25.206"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438572/; classtype:trojan-activity;sid:84301672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.208.104.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438570/; classtype:trojan-activity;sid:84301670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438541)"; flow:established,from_client; content:"GET"; http_method; content:"/android.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.221.28.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438541/; classtype:trojan-activity;sid:84301641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438540)"; flow:established,from_client; content:"GET"; http_method; content:"/android.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"down.gmexiochappt.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438540/; classtype:trojan-activity;sid:84301640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438423)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft.bat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"146.19.207.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438423/; classtype:trojan-activity;sid:84301523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.220.162.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437876/; classtype:trojan-activity;sid:84300976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.250.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437818/; classtype:trojan-activity;sid:84300918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437781)"; flow:established,from_client; content:"GET"; http_method; content:"/russelia.wsf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"31.57.166.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437781/; classtype:trojan-activity;sid:84300881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437782)"; flow:established,from_client; content:"GET"; http_method; content:"/bunddkket.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31.57.166.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437782/; classtype:trojan-activity;sid:84300882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437751)"; flow:established,from_client; content:"GET"; http_method; content:"/sh.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.114.193.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437751/; classtype:trojan-activity;sid:84300851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437698)"; flow:established,from_client; content:"GET"; http_method; content:"/check-it/report"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"216.107.136.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437698/; classtype:trojan-activity;sid:84300798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.59.90.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437568/; classtype:trojan-activity;sid:84300668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.44.174.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437561/; classtype:trojan-activity;sid:84300661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.30.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436609/; classtype:trojan-activity;sid:84299709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.30.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436593/; classtype:trojan-activity;sid:84299693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.188.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436308/; classtype:trojan-activity;sid:84299408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.188.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436303/; classtype:trojan-activity;sid:84299403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.212.156.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436306/; classtype:trojan-activity;sid:84299406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436130)"; flow:established,from_client; content:"GET"; http_method; content:"/defend/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436130/; classtype:trojan-activity;sid:84299230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436126)"; flow:established,from_client; content:"GET"; http_method; content:"/test/am_no.bat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436126/; classtype:trojan-activity;sid:84299226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436101)"; flow:established,from_client; content:"GET"; http_method; content:"/belyy-git/karahook/raw/master/chsztdjvl.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436101/; classtype:trojan-activity;sid:84299201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3436092)"; flow:established,from_client; content:"GET"; http_method; content:"/lakrica0/asdfqw/main/wind.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3436092/; classtype:trojan-activity;sid:84299192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435910)"; flow:established,from_client; content:"GET"; http_method; content:"/last.ps1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"207.231.111.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435910/; classtype:trojan-activity;sid:84299010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435907)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/raw/refs/heads/main/aaa%20(3).exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435907/; classtype:trojan-activity;sid:84299007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.158.161.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435896/; classtype:trojan-activity;sid:84298996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.158.161.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_11; reference:url, urlhaus.abuse.ch/url/3435884/; classtype:trojan-activity;sid:84298984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435366/; classtype:trojan-activity;sid:84298466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.158.161.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435217/; classtype:trojan-activity;sid:84298317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435192)"; flow:established,from_client; content:"GET"; http_method; content:"/test/amnew.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435192/; classtype:trojan-activity;sid:84298292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435167)"; flow:established,from_client; content:"GET"; http_method; content:"/iluxa94/-3-/refs/heads/main/%d0%a4%d0%be%d1%80%d0%bc%d0%b0%203%d0%9e%d0%a8%d0%91%d0%a0.exe"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435167/; classtype:trojan-activity;sid:84298267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435170)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435170/; classtype:trojan-activity;sid:84298270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435164)"; flow:established,from_client; content:"GET"; http_method; content:"/bublegumle/hyh/raw/master/server.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435164/; classtype:trojan-activity;sid:84298264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435151)"; flow:established,from_client; content:"GET"; http_method; content:"/acfy/cpdb/raw/main/cpdb.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435151/; classtype:trojan-activity;sid:84298251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435143)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"101.32.40.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435143/; classtype:trojan-activity;sid:84298243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435122)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.83.72.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435122/; classtype:trojan-activity;sid:84298222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435124)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"105.184.94.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435124/; classtype:trojan-activity;sid:84298224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.132.20.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435100/; classtype:trojan-activity;sid:84298200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.70.146.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435089/; classtype:trojan-activity;sid:84298189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.43.201.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435082/; classtype:trojan-activity;sid:84298182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.204.104.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435084/; classtype:trojan-activity;sid:84298184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.170.168.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435077/; classtype:trojan-activity;sid:84298177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.188.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435078/; classtype:trojan-activity;sid:84298178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.6.130.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435081/; classtype:trojan-activity;sid:84298181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.158.88.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435075/; classtype:trojan-activity;sid:84298175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435069)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft.bat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"146.19.207.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435069/; classtype:trojan-activity;sid:84298169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435035)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"45.88.186.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435035/; classtype:trojan-activity;sid:84298135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434556)"; flow:established,from_client; content:"GET"; http_method; content:"/proltop1/popka/raw/master/svchost.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434556/; classtype:trojan-activity;sid:84297656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3434554)"; flow:established,from_client; content:"GET"; http_method; content:"/mommynikiits/nottouchingdd/master/device2.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3434554/; classtype:trojan-activity;sid:84297654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433778/; classtype:trojan-activity;sid:84296878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433627)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.106.217.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433627/; classtype:trojan-activity;sid:84296727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433628)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.106.217.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433628/; classtype:trojan-activity;sid:84296728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433623)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.106.217.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433623/; classtype:trojan-activity;sid:84296723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433618)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.133.72.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433618/; classtype:trojan-activity;sid:84296718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433617)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433617/; classtype:trojan-activity;sid:84296717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433611)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.106.217.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433611/; classtype:trojan-activity;sid:84296711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433612)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.106.217.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433612/; classtype:trojan-activity;sid:84296712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433606)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.106.217.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433606/; classtype:trojan-activity;sid:84296706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433596)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433596/; classtype:trojan-activity;sid:84296696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433598)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.133.72.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433598/; classtype:trojan-activity;sid:84296698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433592)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433592/; classtype:trojan-activity;sid:84296692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433533/; classtype:trojan-activity;sid:84296633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.77.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433362/; classtype:trojan-activity;sid:84296462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.96.251.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433353/; classtype:trojan-activity;sid:84296453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.211.107.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433355/; classtype:trojan-activity;sid:84296455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.189.171.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433349/; classtype:trojan-activity;sid:84296449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.168.9.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433346/; classtype:trojan-activity;sid:84296446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.10.88"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433312/; classtype:trojan-activity;sid:84296412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432391)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/dev.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"152.32.138.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432391/; classtype:trojan-activity;sid:84295491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432311)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.204.104.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432311/; classtype:trojan-activity;sid:84295411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432232)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"117.72.36.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432232/; classtype:trojan-activity;sid:84295332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432227)"; flow:established,from_client; content:"GET"; http_method; content:"/lokelo1488/ss11/raw/refs/heads/main/loader.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432227/; classtype:trojan-activity;sid:84295327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432228)"; flow:established,from_client; content:"GET"; http_method; content:"/lokelo1488/ss11/refs/heads/main/loader.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432228/; classtype:trojan-activity;sid:84295328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432229)"; flow:established,from_client; content:"GET"; http_method; content:"/iamgens/update50.cpl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"mcpperformance.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432229/; classtype:trojan-activity;sid:84295329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432223)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/refs/heads/main/3.bin"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432223/; classtype:trojan-activity;sid:84295323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432224)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/key.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432224/; classtype:trojan-activity;sid:84295324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432221)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/11.bin"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432221/; classtype:trojan-activity;sid:84295321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432222)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/sil.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432222/; classtype:trojan-activity;sid:84295322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432216)"; flow:established,from_client; content:"GET"; http_method; content:"/overassertively.vbs"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"31.57.166.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432216/; classtype:trojan-activity;sid:84295316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432102)"; flow:established,from_client; content:"GET"; http_method; content:"/confirm2.com/networkscreensaverfactory7freesetup.msi"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"62.133.60.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432102/; classtype:trojan-activity;sid:84295202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432100)"; flow:established,from_client; content:"GET"; http_method; content:"/confirm2.com/captcha"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"62.133.60.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432100/; classtype:trojan-activity;sid:84295200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432094)"; flow:established,from_client; content:"GET"; http_method; content:"/forsale/silk.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.240.118.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432094/; classtype:trojan-activity;sid:84295194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431687)"; flow:established,from_client; content:"GET"; http_method; content:"/bljysvhw/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431687/; classtype:trojan-activity;sid:84294787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431686)"; flow:established,from_client; content:"GET"; http_method; content:"/bljysvhw/img001.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431686/; classtype:trojan-activity;sid:84294786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431678)"; flow:established,from_client; content:"GET"; http_method; content:"/newbie/0.0.9/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.55.72.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431678/; classtype:trojan-activity;sid:84294778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431449)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.43.131.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431449/; classtype:trojan-activity;sid:84294549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431452)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.201.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431452/; classtype:trojan-activity;sid:84294552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.249.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431403/; classtype:trojan-activity;sid:84294503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"51.190.240.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431395/; classtype:trojan-activity;sid:84294495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.132.214.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431397/; classtype:trojan-activity;sid:84294497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431386)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.236.175.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431386/; classtype:trojan-activity;sid:84294486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431377)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.94.61"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431377/; classtype:trojan-activity;sid:84294477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431371)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.152.251.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431371/; classtype:trojan-activity;sid:84294471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431308)"; flow:established,from_client; content:"GET"; http_method; content:"/5"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.152.112.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431308/; classtype:trojan-activity;sid:84294408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431309)"; flow:established,from_client; content:"GET"; http_method; content:"/nan"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.152.112.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431309/; classtype:trojan-activity;sid:84294409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431310)"; flow:established,from_client; content:"GET"; http_method; content:"/4"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.152.112.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431310/; classtype:trojan-activity;sid:84294410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431311)"; flow:established,from_client; content:"GET"; http_method; content:"/che"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.152.112.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431311/; classtype:trojan-activity;sid:84294411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431304)"; flow:established,from_client; content:"GET"; http_method; content:"/rj1.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.152.112.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431304/; classtype:trojan-activity;sid:84294404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430990)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.215.113.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430990/; classtype:trojan-activity;sid:84294090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430991)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430991/; classtype:trojan-activity;sid:84294091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430992)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430992/; classtype:trojan-activity;sid:84294092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430993)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430993/; classtype:trojan-activity;sid:84294093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.60.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430932/; classtype:trojan-activity;sid:84294032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430843)"; flow:established,from_client; content:"GET"; http_method; content:"/zoax33/utils/refs/heads/master/savedecrypter.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430843/; classtype:trojan-activity;sid:84293943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430583)"; flow:established,from_client; content:"GET"; http_method; content:"/barhom1/brobr/main/windowsservices.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430583/; classtype:trojan-activity;sid:84293683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430578)"; flow:established,from_client; content:"GET"; http_method; content:"/belyy-git/karahook/raw/refs/heads/master/chsztdjvl.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430578/; classtype:trojan-activity;sid:84293678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430575)"; flow:established,from_client; content:"GET"; http_method; content:"/zoax33/utils/raw/refs/heads/master/savedecrypter.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430575/; classtype:trojan-activity;sid:84293675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430576)"; flow:established,from_client; content:"GET"; http_method; content:"/belyy-git/karahook/refs/heads/master/chsztdjvl.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430576/; classtype:trojan-activity;sid:84293676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430568)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430568/; classtype:trojan-activity;sid:84293668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430561)"; flow:established,from_client; content:"GET"; http_method; content:"/unknownhat8353/virus/refs/heads/main/serverx.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430561/; classtype:trojan-activity;sid:84293661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430539)"; flow:established,from_client; content:"GET"; http_method; content:"/mailclone2500/stealer/raw/refs/heads/main/linkedintuvandat.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3430539/; classtype:trojan-activity;sid:84293639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430307)"; flow:established,from_client; content:"GET"; http_method; content:"/confirmj.com/networkemailbackupwizardcontrollersetup.msi"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"62.133.60.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430307/; classtype:trojan-activity;sid:84293407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430306)"; flow:established,from_client; content:"GET"; http_method; content:"/confirmj.com/captcha"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"62.133.60.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430306/; classtype:trojan-activity;sid:84293406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430254)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.152.251.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430254/; classtype:trojan-activity;sid:84293354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.54.47.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430225/; classtype:trojan-activity;sid:84293325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430129)"; flow:established,from_client; content:"GET"; http_method; content:"/mailclone2500/stealer/refs/heads/main/linkedintuvandat.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430129/; classtype:trojan-activity;sid:84293229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429885)"; flow:established,from_client; content:"GET"; http_method; content:"/1/test.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ofice365.github.io"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429885/; classtype:trojan-activity;sid:84292985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429404)"; flow:established,from_client; content:"GET"; http_method; content:"/earm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429404/; classtype:trojan-activity;sid:84292504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429405)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/emips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429405/; classtype:trojan-activity;sid:84292505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429406)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429406/; classtype:trojan-activity;sid:84292506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429402)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429402/; classtype:trojan-activity;sid:84292502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429403)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429403/; classtype:trojan-activity;sid:84292503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429401)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/emips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429401/; classtype:trojan-activity;sid:84292501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429398)"; flow:established,from_client; content:"GET"; http_method; content:"/earm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429398/; classtype:trojan-activity;sid:84292498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429399)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429399/; classtype:trojan-activity;sid:84292499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429400)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/ex86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429400/; classtype:trojan-activity;sid:84292500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429390)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/empsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429390/; classtype:trojan-activity;sid:84292490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429391)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/empsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429391/; classtype:trojan-activity;sid:84292491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429392)"; flow:established,from_client; content:"GET"; http_method; content:"/ex86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429392/; classtype:trojan-activity;sid:84292492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429393)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429393/; classtype:trojan-activity;sid:84292493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429394)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429394/; classtype:trojan-activity;sid:84292494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429395)"; flow:established,from_client; content:"GET"; http_method; content:"/earm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429395/; classtype:trojan-activity;sid:84292495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429396)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429396/; classtype:trojan-activity;sid:84292496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429397)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429397/; classtype:trojan-activity;sid:84292497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429386)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429386/; classtype:trojan-activity;sid:84292486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429387)"; flow:established,from_client; content:"GET"; http_method; content:"/emips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429387/; classtype:trojan-activity;sid:84292487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429388)"; flow:established,from_client; content:"GET"; http_method; content:"/earm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429388/; classtype:trojan-activity;sid:84292488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429389)"; flow:established,from_client; content:"GET"; http_method; content:"/dvrlocker"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429389/; classtype:trojan-activity;sid:84292489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429384)"; flow:established,from_client; content:"GET"; http_method; content:"/empsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429384/; classtype:trojan-activity;sid:84292484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429385)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/ex86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429385/; classtype:trojan-activity;sid:84292485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.18.93.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429304/; classtype:trojan-activity;sid:84292404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.238.195.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429305/; classtype:trojan-activity;sid:84292405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429279)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.187.229.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429279/; classtype:trojan-activity;sid:84292379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429076)"; flow:established,from_client; content:"GET"; http_method; content:"/ukr/client2.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.177.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429076/; classtype:trojan-activity;sid:84292176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428822)"; flow:established,from_client; content:"GET"; http_method; content:"/ukraine/svc1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.156.177.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428822/; classtype:trojan-activity;sid:84291922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/bot.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.113.115.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428797/; classtype:trojan-activity;sid:84291897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/bot64.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.113.115.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428798/; classtype:trojan-activity;sid:84291898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428509)"; flow:established,from_client; content:"GET"; http_method; content:"/sohpierainxz/fnaf-1/refs/heads/main/fusca%20game.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428509/; classtype:trojan-activity;sid:84291609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428506)"; flow:established,from_client; content:"GET"; http_method; content:"/proltop1/popka/raw/master/svchost.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428506/; classtype:trojan-activity;sid:84291606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428498)"; flow:established,from_client; content:"GET"; http_method; content:"/zoax33/utils/blob/master/savedecrypter.exe|3f|raw=true"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428498/; classtype:trojan-activity;sid:84291598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428490)"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin/test/!help_sos.hta"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428490/; classtype:trojan-activity;sid:84291590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428492)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/softokn3.dll|3f|"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.215.113.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428492/; classtype:trojan-activity;sid:84291592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428472)"; flow:established,from_client; content:"GET"; http_method; content:"/acfy/cpdb/raw/main/cpdb.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428472/; classtype:trojan-activity;sid:84291572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428413)"; flow:established,from_client; content:"GET"; http_method; content:"/selvtillidens.smi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.seventools.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428413/; classtype:trojan-activity;sid:84291513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428410)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/assets/khsgr207.bin"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"www.elefantenfutter.de"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3428410/; classtype:trojan-activity;sid:84291510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428089)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.187.229.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428089/; classtype:trojan-activity;sid:84291189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428090)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.187.229.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428090/; classtype:trojan-activity;sid:84291190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.136.24.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428069/; classtype:trojan-activity;sid:84291169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.232.158.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428065/; classtype:trojan-activity;sid:84291165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427728)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/anarchy.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"181.214.58.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427728/; classtype:trojan-activity;sid:84290828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427560)"; flow:established,from_client; content:"GET"; http_method; content:"/9mcjid5wrd79liuk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"recepchtav3.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427560/; classtype:trojan-activity;sid:84290660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427319)"; flow:established,from_client; content:"GET"; http_method; content:"/document/2019/12/05/13/x21-1575525820.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"attachment.vnecdn.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427319/; classtype:trojan-activity;sid:84290419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427316)"; flow:established,from_client; content:"GET"; http_method; content:"/bublegumle/hyh/raw/master/server.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427316/; classtype:trojan-activity;sid:84290416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427311)"; flow:established,from_client; content:"GET"; http_method; content:"/acfy/cpdb/main/cpdb.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427311/; classtype:trojan-activity;sid:84290411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3427293)"; flow:established,from_client; content:"GET"; http_method; content:"/belyy-git/karahook/raw/master/chsztdjvl.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3427293/; classtype:trojan-activity;sid:84290393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.182.114.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425846/; classtype:trojan-activity;sid:84288946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.100.115.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425847/; classtype:trojan-activity;sid:84288947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.253.103.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425836/; classtype:trojan-activity;sid:84288936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425580)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.219.212.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425580/; classtype:trojan-activity;sid:84288680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.151.245.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425539/; classtype:trojan-activity;sid:84288639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.151.245.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424766/; classtype:trojan-activity;sid:84287866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424672/; classtype:trojan-activity;sid:84287772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424664)"; flow:established,from_client; content:"GET"; http_method; content:"/check-it/report"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"littlemtlogistics.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424664/; classtype:trojan-activity;sid:84287764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424660/; classtype:trojan-activity;sid:84287760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424544)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.50.178.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424544/; classtype:trojan-activity;sid:84287644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424515)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.123.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424515/; classtype:trojan-activity;sid:84287615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424519)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.187.229.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424519/; classtype:trojan-activity;sid:84287619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424514)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.123.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424514/; classtype:trojan-activity;sid:84287614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.196.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424485/; classtype:trojan-activity;sid:84287585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.184.57.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424481/; classtype:trojan-activity;sid:84287581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424374)"; flow:established,from_client; content:"GET"; http_method; content:"/libraries4.aspx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"genericfixer.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424374/; classtype:trojan-activity;sid:84287474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423456)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423456/; classtype:trojan-activity;sid:84286556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423451)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423451/; classtype:trojan-activity;sid:84286551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423452)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423452/; classtype:trojan-activity;sid:84286552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423442)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423442/; classtype:trojan-activity;sid:84286542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423446)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423446/; classtype:trojan-activity;sid:84286546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423450)"; flow:established,from_client; content:"GET"; http_method; content:"/.smpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423450/; classtype:trojan-activity;sid:84286550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423414)"; flow:established,from_client; content:"GET"; http_method; content:"/.sspc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423414/; classtype:trojan-activity;sid:84286514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423415)"; flow:established,from_client; content:"GET"; http_method; content:"/.sx86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423415/; classtype:trojan-activity;sid:84286515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423416/; classtype:trojan-activity;sid:84286516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423417)"; flow:established,from_client; content:"GET"; http_method; content:"/.ssh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423417/; classtype:trojan-activity;sid:84286517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423419/; classtype:trojan-activity;sid:84286519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423420)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423420/; classtype:trojan-activity;sid:84286520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423423)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423423/; classtype:trojan-activity;sid:84286523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423424)"; flow:established,from_client; content:"GET"; http_method; content:"/.sppc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423424/; classtype:trojan-activity;sid:84286524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423427)"; flow:established,from_client; content:"GET"; http_method; content:"/.sm68k"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423427/; classtype:trojan-activity;sid:84286527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423428)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423428/; classtype:trojan-activity;sid:84286528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423429)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423429/; classtype:trojan-activity;sid:84286529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423431)"; flow:established,from_client; content:"GET"; http_method; content:"/.smips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423431/; classtype:trojan-activity;sid:84286531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423432)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423432/; classtype:trojan-activity;sid:84286532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423433)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423433/; classtype:trojan-activity;sid:84286533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423434)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423434/; classtype:trojan-activity;sid:84286534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423438)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423438/; classtype:trojan-activity;sid:84286538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423441)"; flow:established,from_client; content:"GET"; http_method; content:"/.sx86_64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"173.234.28.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423441/; classtype:trojan-activity;sid:84286541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.226.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423165/; classtype:trojan-activity;sid:84286265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/bot64.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.81.68.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423154/; classtype:trojan-activity;sid:84286254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/bot64.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.113.115.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423149/; classtype:trojan-activity;sid:84286249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.226.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423146/; classtype:trojan-activity;sid:84286246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423144)"; flow:established,from_client; content:"GET"; http_method; content:"/screensync.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.11.61.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423144/; classtype:trojan-activity;sid:84286244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423143)"; flow:established,from_client; content:"GET"; http_method; content:"/installsetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.11.61.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423143/; classtype:trojan-activity;sid:84286243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.174.150.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423086/; classtype:trojan-activity;sid:84286186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423064)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.123.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423064/; classtype:trojan-activity;sid:84286164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423065)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.123.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423065/; classtype:trojan-activity;sid:84286165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423055)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.85.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423055/; classtype:trojan-activity;sid:84286155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423045)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423045/; classtype:trojan-activity;sid:84286145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423046)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423046/; classtype:trojan-activity;sid:84286146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423047)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423047/; classtype:trojan-activity;sid:84286147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423050)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423050/; classtype:trojan-activity;sid:84286150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422635)"; flow:established,from_client; content:"GET"; http_method; content:"/a.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.7.214.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3422635/; classtype:trojan-activity;sid:84285735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3422037)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lead_dumper.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3422037/; classtype:trojan-activity;sid:84285137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421183)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/xsh.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421183/; classtype:trojan-activity;sid:84284283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421176)"; flow:established,from_client; content:"GET"; http_method; content:"/wannacry.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.84.153.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421176/; classtype:trojan-activity;sid:84284276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421026)"; flow:established,from_client; content:"GET"; http_method; content:"/tylermt99/zzzaaa/refs/heads/main/built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421026/; classtype:trojan-activity;sid:84284126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421014)"; flow:established,from_client; content:"GET"; http_method; content:"/assignment.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"210.125.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421014/; classtype:trojan-activity;sid:84284114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421020)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp/emmetprod.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.147.43.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421020/; classtype:trojan-activity;sid:84284120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420962)"; flow:established,from_client; content:"GET"; http_method; content:"/a.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.7.214.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3420962/; classtype:trojan-activity;sid:84284062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420961)"; flow:established,from_client; content:"GET"; http_method; content:"/b.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.7.214.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3420961/; classtype:trojan-activity;sid:84284061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420614/; classtype:trojan-activity;sid:84283714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420612)"; flow:established,from_client; content:"GET"; http_method; content:"/lovform.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.57.166.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420612/; classtype:trojan-activity;sid:84283712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420613)"; flow:established,from_client; content:"GET"; http_method; content:"/chorogi.wsf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.57.166.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420613/; classtype:trojan-activity;sid:84283713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420607)"; flow:established,from_client; content:"GET"; http_method; content:"/update.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"181.206.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420607/; classtype:trojan-activity;sid:84283707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420564)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420564/; classtype:trojan-activity;sid:84283664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.119.133.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420539/; classtype:trojan-activity;sid:84283639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.127.101.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420537/; classtype:trojan-activity;sid:84283637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.162.140.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420538/; classtype:trojan-activity;sid:84283638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419871)"; flow:established,from_client; content:"GET"; http_method; content:"/98.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.109.159.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419871/; classtype:trojan-activity;sid:84282971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419869)"; flow:established,from_client; content:"GET"; http_method; content:"/invoke-mimikatz.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"117.72.36.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419869/; classtype:trojan-activity;sid:84282969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419870)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig-v6.21.0-ubuntu20.04-linux"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419870/; classtype:trojan-activity;sid:84282970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419846)"; flow:established,from_client; content:"GET"; http_method; content:"/home.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.84.153.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419846/; classtype:trojan-activity;sid:84282946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.28.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419681/; classtype:trojan-activity;sid:84282781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419571)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/raw/refs/heads/main/microsoft_hardware_launch.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419571/; classtype:trojan-activity;sid:84282671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419575)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/raw/refs/heads/main/server1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419575/; classtype:trojan-activity;sid:84282675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419554)"; flow:established,from_client; content:"GET"; http_method; content:"/monkey958/sdasd/raw/refs/heads/main/856.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419554/; classtype:trojan-activity;sid:84282654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419556)"; flow:established,from_client; content:"GET"; http_method; content:"/impar0/tryyy/raw/refs/heads/main/client.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419556/; classtype:trojan-activity;sid:84282656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419557)"; flow:established,from_client; content:"GET"; http_method; content:"/sonvan1811/fakewindowsinstaller/main/serverrat.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419557/; classtype:trojan-activity;sid:84282657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419558)"; flow:established,from_client; content:"GET"; http_method; content:"/marselshow/123123/main/govno__dlya_jertwy.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419558/; classtype:trojan-activity;sid:84282658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419559)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/raw/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419559/; classtype:trojan-activity;sid:84282659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419560)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419560/; classtype:trojan-activity;sid:84282660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419562)"; flow:established,from_client; content:"GET"; http_method; content:"/raz233/rgdgdrg/raw/refs/heads/main/client.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419562/; classtype:trojan-activity;sid:84282662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419563)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedk97/xwqd21waddqwdv/raw/refs/heads/main/server.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419563/; classtype:trojan-activity;sid:84282663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419564)"; flow:established,from_client; content:"GET"; http_method; content:"/toxicxz/fnaf-1/raw/refs/heads/main/fusca%20game.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419564/; classtype:trojan-activity;sid:84282664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419566)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/raw/refs/heads/main/njrat.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419566/; classtype:trojan-activity;sid:84282666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419568)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/raw/refs/heads/main/testme.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419568/; classtype:trojan-activity;sid:84282668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419569)"; flow:established,from_client; content:"GET"; http_method; content:"/ymykaliymy/ymy/raw/refs/heads/main/sela.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419569/; classtype:trojan-activity;sid:84282669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419570)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/raw/refs/heads/main/444.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419570/; classtype:trojan-activity;sid:84282670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419546)"; flow:established,from_client; content:"GET"; http_method; content:"/nxrecxxil/syndicate/raw/refs/heads/main/main.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419546/; classtype:trojan-activity;sid:84282646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419547)"; flow:established,from_client; content:"GET"; http_method; content:"/trafunny/malware-file/raw/refs/heads/main/njrat.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419547/; classtype:trojan-activity;sid:84282647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419551)"; flow:established,from_client; content:"GET"; http_method; content:"/krevedko3221/porno/raw/refs/heads/main/mos%20ssssttttt.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419551/; classtype:trojan-activity;sid:84282651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419553)"; flow:established,from_client; content:"GET"; http_method; content:"/paketpk/trojan/raw/refs/heads/main/njsilent.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419553/; classtype:trojan-activity;sid:84282653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419540)"; flow:established,from_client; content:"GET"; http_method; content:"/get/gryts2ee3z/eo.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419540/; classtype:trojan-activity;sid:84282640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419536)"; flow:established,from_client; content:"GET"; http_method; content:"/get/ifmqaplnrp/client-built.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419536/; classtype:trojan-activity;sid:84282636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419535)"; flow:established,from_client; content:"GET"; http_method; content:"/get/edi4wqihyr/rektupp.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419535/; classtype:trojan-activity;sid:84282635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419528)"; flow:established,from_client; content:"GET"; http_method; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/raw/refs/heads/main/java32.exe"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419528/; classtype:trojan-activity;sid:84282628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419518)"; flow:established,from_client; content:"GET"; http_method; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/raw/refs/heads/main/java.exe"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419518/; classtype:trojan-activity;sid:84282618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419523)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/raw/refs/heads/main/built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419523/; classtype:trojan-activity;sid:84282623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419525)"; flow:established,from_client; content:"GET"; http_method; content:"/sesafvr/ayo/raw/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419525/; classtype:trojan-activity;sid:84282625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419511)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/raw/refs/heads/main/example_win32_dx11.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419511/; classtype:trojan-activity;sid:84282611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419509)"; flow:established,from_client; content:"GET"; http_method; content:"/aspdasdksa2/callback/raw/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419509/; classtype:trojan-activity;sid:84282609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419510)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/raw/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419510/; classtype:trojan-activity;sid:84282610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419503)"; flow:established,from_client; content:"GET"; http_method; content:"/coluich/yaf/refs/heads/main/windows12.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419503/; classtype:trojan-activity;sid:84282603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419504)"; flow:established,from_client; content:"GET"; http_method; content:"/cctv-security/rev/raw/main/client-built.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419504/; classtype:trojan-activity;sid:84282604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419505)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/blob/main/2klz.exe|3f|raw=true"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419505/; classtype:trojan-activity;sid:84282605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419506)"; flow:established,from_client; content:"GET"; http_method; content:"/felikzig/wdt/raw/refs/heads/main/collosalloader.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419506/; classtype:trojan-activity;sid:84282606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419507)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/raw/refs/heads/main/discord.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419507/; classtype:trojan-activity;sid:84282607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419500)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/neverlose-loader/raw/refs/heads/main/neverlose%20loader.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419500/; classtype:trojan-activity;sid:84282600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419498)"; flow:established,from_client; content:"GET"; http_method; content:"/m4hvh2/dwadwa/raw/refs/heads/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419498/; classtype:trojan-activity;sid:84282598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419497)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidisigmer/fncleanerv2/releases/download/cleanerv2/cleanerv2.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419497/; classtype:trojan-activity;sid:84282597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419494)"; flow:established,from_client; content:"GET"; http_method; content:"/1337breaker1337/password/raw/refs/heads/main/client-built.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419494/; classtype:trojan-activity;sid:84282594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419493)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/spectrum/raw/refs/heads/main/spectrum.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419493/; classtype:trojan-activity;sid:84282593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419489)"; flow:established,from_client; content:"GET"; http_method; content:"/sleepysnz/skibidi/raw/refs/heads/main/condogenerator.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419489/; classtype:trojan-activity;sid:84282589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419485)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419485/; classtype:trojan-activity;sid:84282585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419486)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/discord/raw/refs/heads/main/client-built.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419486/; classtype:trojan-activity;sid:84282586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419487)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/raw/refs/heads/main/testingfile.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419487/; classtype:trojan-activity;sid:84282587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419470)"; flow:established,from_client; content:"GET"; http_method; content:"/faokun1/aaa/raw/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419470/; classtype:trojan-activity;sid:84282570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419473)"; flow:established,from_client; content:"GET"; http_method; content:"/brucegang123/bat-automation-test/raw/main/servers.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419473/; classtype:trojan-activity;sid:84282573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419474)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/raw/refs/heads/main/client-built.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419474/; classtype:trojan-activity;sid:84282574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419477)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419477/; classtype:trojan-activity;sid:84282577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419478)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/dwdwadwa/raw/main/client-built.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419478/; classtype:trojan-activity;sid:84282578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419479)"; flow:established,from_client; content:"GET"; http_method; content:"/biseo0/neue/raw/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419479/; classtype:trojan-activity;sid:84282579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419468)"; flow:established,from_client; content:"GET"; http_method; content:"/biseo0/neue/raw/main/client-built.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419468/; classtype:trojan-activity;sid:84282568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419466)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/raw/refs/heads/main/client-built-playit.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419466/; classtype:trojan-activity;sid:84282566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419463)"; flow:established,from_client; content:"GET"; http_method; content:"/aspdasdksa2/callback/raw/main/client-built.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419463/; classtype:trojan-activity;sid:84282563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419464)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/raw/refs/heads/main/sentil.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419464/; classtype:trojan-activity;sid:84282564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419456)"; flow:established,from_client; content:"GET"; http_method; content:"/fhebngndsg/thefunny/raw/refs/heads/main/client-built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419456/; classtype:trojan-activity;sid:84282556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419453)"; flow:established,from_client; content:"GET"; http_method; content:"/bormasina/test/raw/refs/heads/main/defender64.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419453/; classtype:trojan-activity;sid:84282553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419452)"; flow:established,from_client; content:"GET"; http_method; content:"/top-executors/jjsploit/releases/download/v2.1.0/jjsploit.v2.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419452/; classtype:trojan-activity;sid:84282552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419451)"; flow:established,from_client; content:"GET"; http_method; content:"/videoxfrx/crealstealer/raw/refs/heads/main/creal.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419451/; classtype:trojan-activity;sid:84282551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419409)"; flow:established,from_client; content:"GET"; http_method; content:"/hadesv2/windriver/master/windriver.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419409/; classtype:trojan-activity;sid:84282509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419408)"; flow:established,from_client; content:"GET"; http_method; content:"/sulfux29/customrpcc/releases/download/discord/msystem32.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419408/; classtype:trojan-activity;sid:84282508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419403)"; flow:established,from_client; content:"GET"; http_method; content:"/jackedmicheal/ccenty/raw/refs/heads/main/crspoofer.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419403/; classtype:trojan-activity;sid:84282503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419406)"; flow:established,from_client; content:"GET"; http_method; content:"/jackyz777/activebypass/raw/refs/heads/main/discord.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419406/; classtype:trojan-activity;sid:84282506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419393)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/raw/refs/heads/main/asyncclient.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419393/; classtype:trojan-activity;sid:84282493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419395)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/exe/raw/refs/heads/main/solara_protect.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419395/; classtype:trojan-activity;sid:84282495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419389)"; flow:established,from_client; content:"GET"; http_method; content:"/ducminh23/ddosv1/raw/refs/heads/main/ddosziller.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419389/; classtype:trojan-activity;sid:84282489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419386)"; flow:established,from_client; content:"GET"; http_method; content:"/peroxic/peroxic/releases/download/1/demon.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419386/; classtype:trojan-activity;sid:84282486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419381)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419381/; classtype:trojan-activity;sid:84282481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419375)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/101.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419375/; classtype:trojan-activity;sid:84282475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419377)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/play.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419377/; classtype:trojan-activity;sid:84282477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419378)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/mera.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419378/; classtype:trojan-activity;sid:84282478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419362)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/2.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419362/; classtype:trojan-activity;sid:84282462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419363)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/bao.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419363/; classtype:trojan-activity;sid:84282463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419364)"; flow:established,from_client; content:"GET"; http_method; content:"/showqa/xt/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419364/; classtype:trojan-activity;sid:84282464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419365)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/101.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419365/; classtype:trojan-activity;sid:84282465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419367)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/cool.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419367/; classtype:trojan-activity;sid:84282467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419368)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17793058/lg246dre.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419368/; classtype:trojan-activity;sid:84282468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419369)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/thong.bin"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419369/; classtype:trojan-activity;sid:84282469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419370)"; flow:established,from_client; content:"GET"; http_method; content:"/denispazin/uploads/raw/refs/heads/main/1735500131.bin"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419370/; classtype:trojan-activity;sid:84282470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419371)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/3.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419371/; classtype:trojan-activity;sid:84282471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419372)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/1.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419372/; classtype:trojan-activity;sid:84282472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419355)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.43.227.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419355/; classtype:trojan-activity;sid:84282455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.171.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419140/; classtype:trojan-activity;sid:84282240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.160.223.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419142/; classtype:trojan-activity;sid:84282242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.147.40.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3419138/; classtype:trojan-activity;sid:84282238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.141.98.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418828/; classtype:trojan-activity;sid:84281928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418732)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418732/; classtype:trojan-activity;sid:84281832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418697)"; flow:established,from_client; content:"GET"; http_method; content:"/js/s.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.78.147.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418697/; classtype:trojan-activity;sid:84281797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418693)"; flow:established,from_client; content:"GET"; http_method; content:"/sys.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.38.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418693/; classtype:trojan-activity;sid:84281793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418042)"; flow:established,from_client; content:"GET"; http_method; content:"/cab/launcherloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.newkey.co.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418042/; classtype:trojan-activity;sid:84281142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.141.166.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417860/; classtype:trojan-activity;sid:84280960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417372)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417372/; classtype:trojan-activity;sid:84280472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417373)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417373/; classtype:trojan-activity;sid:84280473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417374)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417374/; classtype:trojan-activity;sid:84280474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417351)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417351/; classtype:trojan-activity;sid:84280451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417350)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417350/; classtype:trojan-activity;sid:84280450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417343)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417343/; classtype:trojan-activity;sid:84280443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417344)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417344/; classtype:trojan-activity;sid:84280444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417345)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417345/; classtype:trojan-activity;sid:84280445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417346)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417346/; classtype:trojan-activity;sid:84280446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417347)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417347/; classtype:trojan-activity;sid:84280447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417348)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.35.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417348/; classtype:trojan-activity;sid:84280448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417203)"; flow:established,from_client; content:"GET"; http_method; content:"/peroxic/peroxic/releases/download/1/demon.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417203/; classtype:trojan-activity;sid:84280303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417185)"; flow:established,from_client; content:"GET"; http_method; content:"/appserv/!help_sos.hta"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417185/; classtype:trojan-activity;sid:84280285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417095)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1t9mwfr1azhmksosp19tomch5dyi3hb2n"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417095/; classtype:trojan-activity;sid:84280195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417085)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417085/; classtype:trojan-activity;sid:84280185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416671/; classtype:trojan-activity;sid:84279771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416673/; classtype:trojan-activity;sid:84279773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416674/; classtype:trojan-activity;sid:84279774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.187.31.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416676/; classtype:trojan-activity;sid:84279776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416590)"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin/themes/original/!help_sos.hta"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416590/; classtype:trojan-activity;sid:84279690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.134.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416441/; classtype:trojan-activity;sid:84279541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415870)"; flow:established,from_client; content:"GET"; http_method; content:"/qwpqetv/1.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jade-associates.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3415870/; classtype:trojan-activity;sid:84278970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415308/; classtype:trojan-activity;sid:84278408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415238)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique1/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415238/; classtype:trojan-activity;sid:84278338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415209)"; flow:established,from_client; content:"GET"; http_method; content:"/loginanticheat.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415209/; classtype:trojan-activity;sid:84278309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415208)"; flow:established,from_client; content:"GET"; http_method; content:"/newgmex.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415208/; classtype:trojan-activity;sid:84278308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415207)"; flow:established,from_client; content:"GET"; http_method; content:"/loginanticheat4.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415207/; classtype:trojan-activity;sid:84278307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415206)"; flow:established,from_client; content:"GET"; http_method; content:"/gmex.dll"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415206/; classtype:trojan-activity;sid:84278306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415189)"; flow:established,from_client; content:"GET"; http_method; content:"/winring0x64.sys"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415189/; classtype:trojan-activity;sid:84278289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415031)"; flow:established,from_client; content:"GET"; http_method; content:"/js/4577.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"130.162.152.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415031/; classtype:trojan-activity;sid:84278131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415026)"; flow:established,from_client; content:"GET"; http_method; content:"/js/s.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"130.162.152.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415026/; classtype:trojan-activity;sid:84278126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415025)"; flow:established,from_client; content:"GET"; http_method; content:"/js/mq.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.162.152.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415025/; classtype:trojan-activity;sid:84278125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415006)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415006/; classtype:trojan-activity;sid:84278106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415005)"; flow:established,from_client; content:"GET"; http_method; content:"/lolminer.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415005/; classtype:trojan-activity;sid:84278105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415003)"; flow:established,from_client; content:"GET"; http_method; content:"/conhost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415003/; classtype:trojan-activity;sid:84278103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415004)"; flow:established,from_client; content:"GET"; http_method; content:"/watchdog.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415004/; classtype:trojan-activity;sid:84278104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.126.138.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3414681/; classtype:trojan-activity;sid:84277781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.166.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3414357/; classtype:trojan-activity;sid:84277457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414065)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.246.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414065/; classtype:trojan-activity;sid:84277165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.195.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414047/; classtype:trojan-activity;sid:84277147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.7.151"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414037/; classtype:trojan-activity;sid:84277137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.204.218.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414039/; classtype:trojan-activity;sid:84277139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.209.236.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414035/; classtype:trojan-activity;sid:84277135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.122.85.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412916/; classtype:trojan-activity;sid:84276016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412921/; classtype:trojan-activity;sid:84276021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412252)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeyrizz/apiupdater/refs/heads/main/apiupdater.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412252/; classtype:trojan-activity;sid:84275352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412247)"; flow:established,from_client; content:"GET"; http_method; content:"/benitocamelas2025/datos/refs/heads/main/conexionvb.txt"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412247/; classtype:trojan-activity;sid:84275347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412237)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/vcruntime140.dll|3f|"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412237/; classtype:trojan-activity;sid:84275337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412238)"; flow:established,from_client; content:"GET"; http_method; content:"/oraples/klick/master/windows.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412238/; classtype:trojan-activity;sid:84275338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.92.254.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412120/; classtype:trojan-activity;sid:84275220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411900)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.102.166.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411900/; classtype:trojan-activity;sid:84275000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"101.168.63.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411896/; classtype:trojan-activity;sid:84274996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.233.131.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411892/; classtype:trojan-activity;sid:84274992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.39.139.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411863/; classtype:trojan-activity;sid:84274963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.160.216.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411853/; classtype:trojan-activity;sid:84274953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.11.94.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411857/; classtype:trojan-activity;sid:84274957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.125.180.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411860/; classtype:trojan-activity;sid:84274960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.96.151.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411849/; classtype:trojan-activity;sid:84274949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.65.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411850/; classtype:trojan-activity;sid:84274950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410877)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/bao.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410877/; classtype:trojan-activity;sid:84273977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410868)"; flow:established,from_client; content:"GET"; http_method; content:"/helps/helphelp1207/helps.hta"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"tests.yjzj.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410868/; classtype:trojan-activity;sid:84273968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410864)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/blob/master/access.exe|3f|raw=true"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410864/; classtype:trojan-activity;sid:84273964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410865)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/raw/refs/heads/master/access.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410865/; classtype:trojan-activity;sid:84273965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410866)"; flow:established,from_client; content:"GET"; http_method; content:"/abjay231/knack/main/e.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410866/; classtype:trojan-activity;sid:84273966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410718)"; flow:established,from_client; content:"GET"; http_method; content:"/cos"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ah-scanning.oss-cn-hongkong.aliyuncs.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410718/; classtype:trojan-activity;sid:84273818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410404)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.71.164.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410404/; classtype:trojan-activity;sid:84273504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410382)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.176.252.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410382/; classtype:trojan-activity;sid:84273482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410375)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410375/; classtype:trojan-activity;sid:84273475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.131.166.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410365/; classtype:trojan-activity;sid:84273465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.83.89.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410359/; classtype:trojan-activity;sid:84273459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.84.3.30"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410348/; classtype:trojan-activity;sid:84273448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.101.88.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410351/; classtype:trojan-activity;sid:84273451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409840)"; flow:established,from_client; content:"GET"; http_method; content:"/game-6d/565/main/99999.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409840/; classtype:trojan-activity;sid:84272940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409842)"; flow:established,from_client; content:"GET"; http_method; content:"/neari44/fash/main/22.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409842/; classtype:trojan-activity;sid:84272942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409837)"; flow:established,from_client; content:"GET"; http_method; content:"/splash2520/splash/refs/heads/main/network.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409837/; classtype:trojan-activity;sid:84272937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409838)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/refs/heads/master/access.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409838/; classtype:trojan-activity;sid:84272938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409839)"; flow:established,from_client; content:"GET"; http_method; content:"/ashrx/new/main/rea.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409839/; classtype:trojan-activity;sid:84272939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409832)"; flow:established,from_client; content:"GET"; http_method; content:"/rem.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"glennmedina.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409832/; classtype:trojan-activity;sid:84272932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409826)"; flow:established,from_client; content:"GET"; http_method; content:"/splash2520/splash/raw/refs/heads/main/network.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409826/; classtype:trojan-activity;sid:84272926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.40.61.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409427/; classtype:trojan-activity;sid:84272527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.187.172.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409429/; classtype:trojan-activity;sid:84272529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.185.252.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409419/; classtype:trojan-activity;sid:84272519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.11.94.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409421/; classtype:trojan-activity;sid:84272521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.144.211.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409422/; classtype:trojan-activity;sid:84272522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409030)"; flow:established,from_client; content:"GET"; http_method; content:"/rspot"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.atc-secure.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409030/; classtype:trojan-activity;sid:84272130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408573)"; flow:established,from_client; content:"GET"; http_method; content:"/game-6d/mods/main/mod.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408573/; classtype:trojan-activity;sid:84271673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408527)"; flow:established,from_client; content:"GET"; http_method; content:"/jw.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"saveyourcinema.ca"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408527/; classtype:trojan-activity;sid:84271627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3408298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.81.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3408298/; classtype:trojan-activity;sid:84271398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407457)"; flow:established,from_client; content:"GET"; http_method; content:"/y"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407457/; classtype:trojan-activity;sid:84270557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407458)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407458/; classtype:trojan-activity;sid:84270558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407459)"; flow:established,from_client; content:"GET"; http_method; content:"/u"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407459/; classtype:trojan-activity;sid:84270559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407460)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407460/; classtype:trojan-activity;sid:84270560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407461)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407461/; classtype:trojan-activity;sid:84270561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407462)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407462/; classtype:trojan-activity;sid:84270562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407463)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407463/; classtype:trojan-activity;sid:84270563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407464)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407464/; classtype:trojan-activity;sid:84270564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407453)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407453/; classtype:trojan-activity;sid:84270553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407454)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407454/; classtype:trojan-activity;sid:84270554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407455)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407455/; classtype:trojan-activity;sid:84270555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407456)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407456/; classtype:trojan-activity;sid:84270556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407450)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407450/; classtype:trojan-activity;sid:84270550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407451)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407451/; classtype:trojan-activity;sid:84270551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407452)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407452/; classtype:trojan-activity;sid:84270552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.116.144.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407403/; classtype:trojan-activity;sid:84270503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.234.166.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407392/; classtype:trojan-activity;sid:84270492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.127.117.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407399/; classtype:trojan-activity;sid:84270499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.207.4.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407401/; classtype:trojan-activity;sid:84270501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"155.4.101.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407381/; classtype:trojan-activity;sid:84270481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.204.186.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407375/; classtype:trojan-activity;sid:84270475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.117.34.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407370/; classtype:trojan-activity;sid:84270470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407218)"; flow:established,from_client; content:"GET"; http_method; content:"/bee"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407218/; classtype:trojan-activity;sid:84270318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407004)"; flow:established,from_client; content:"GET"; http_method; content:"/imnddhs/2.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"parmisbuilding.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407004/; classtype:trojan-activity;sid:84270104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406830)"; flow:established,from_client; content:"GET"; http_method; content:"/mimmort88/popino/main/jij.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406830/; classtype:trojan-activity;sid:84269930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406822)"; flow:established,from_client; content:"GET"; http_method; content:"/%eb%b9%8c%ec%96%b4%20%eb%a8%b9%ec%9d%84.hta"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"hobobot.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406822/; classtype:trojan-activity;sid:84269922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406812)"; flow:established,from_client; content:"GET"; http_method; content:"/333.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"207.231.111.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406812/; classtype:trojan-activity;sid:84269912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406570)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406570/; classtype:trojan-activity;sid:84269670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406568)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406568/; classtype:trojan-activity;sid:84269668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406569)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406569/; classtype:trojan-activity;sid:84269669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406564)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406564/; classtype:trojan-activity;sid:84269664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406565)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406565/; classtype:trojan-activity;sid:84269665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406566)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406566/; classtype:trojan-activity;sid:84269666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406567)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406567/; classtype:trojan-activity;sid:84269667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406563)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406563/; classtype:trojan-activity;sid:84269663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406560)"; flow:established,from_client; content:"GET"; http_method; content:"/ewe.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406560/; classtype:trojan-activity;sid:84269660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406561)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ewe.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.236.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406561/; classtype:trojan-activity;sid:84269661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406468)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/30343922aca0fb8e53340406c2d9339d/sora2012.pdf"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406468/; classtype:trojan-activity;sid:84269568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406176)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.103.100.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_19; reference:url, urlhaus.abuse.ch/url/3406176/; classtype:trojan-activity;sid:84269276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405423)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.141.166.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_19; reference:url, urlhaus.abuse.ch/url/3405423/; classtype:trojan-activity;sid:84268523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405341)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"14.29.160.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405341/; classtype:trojan-activity;sid:84268441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405343)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.140.242.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405343/; classtype:trojan-activity;sid:84268443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405330)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.109.0.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405330/; classtype:trojan-activity;sid:84268430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405329)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.54.96.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405329/; classtype:trojan-activity;sid:84268429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.93.44.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405227/; classtype:trojan-activity;sid:84268327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405187)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405187/; classtype:trojan-activity;sid:84268287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405179)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.41.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405179/; classtype:trojan-activity;sid:84268279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405180)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.41.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405180/; classtype:trojan-activity;sid:84268280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405181)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.41.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405181/; classtype:trojan-activity;sid:84268281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405153)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.73.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405153/; classtype:trojan-activity;sid:84268253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405155)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"110.239.6.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405155/; classtype:trojan-activity;sid:84268255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405149)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.246.87.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405149/; classtype:trojan-activity;sid:84268249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405131)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.48.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405131/; classtype:trojan-activity;sid:84268231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405134)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.15.147.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405134/; classtype:trojan-activity;sid:84268234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405135)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.48.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405135/; classtype:trojan-activity;sid:84268235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405140)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.215.129.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405140/; classtype:trojan-activity;sid:84268240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405128)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.48.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405128/; classtype:trojan-activity;sid:84268228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405129)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.48.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405129/; classtype:trojan-activity;sid:84268229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405121)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.207.245.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405121/; classtype:trojan-activity;sid:84268221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405120)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.20.19.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405120/; classtype:trojan-activity;sid:84268220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.72.199.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405113/; classtype:trojan-activity;sid:84268213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.190.234.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405116/; classtype:trojan-activity;sid:84268216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.236.129.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405093/; classtype:trojan-activity;sid:84268193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404421)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gold123444.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3404421/; classtype:trojan-activity;sid:84267521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404420)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/legs.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3404420/; classtype:trojan-activity;sid:84267520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404043)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3404043/; classtype:trojan-activity;sid:84267143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404044)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3404044/; classtype:trojan-activity;sid:84267144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.157.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3404013/; classtype:trojan-activity;sid:84267113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.186.101.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3404001/; classtype:trojan-activity;sid:84267101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3404012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.45.142.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3404012/; classtype:trojan-activity;sid:84267112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.58.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403993/; classtype:trojan-activity;sid:84267093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.121.254.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403987/; classtype:trojan-activity;sid:84267087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403377)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/play.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403377/; classtype:trojan-activity;sid:84266477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403379)"; flow:established,from_client; content:"GET"; http_method; content:"/sleepysnz/skibidi/refs/heads/main/condogenerator.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403379/; classtype:trojan-activity;sid:84266479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403380)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/refs/heads/main/payload.bin"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403380/; classtype:trojan-activity;sid:84266480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403355)"; flow:established,from_client; content:"GET"; http_method; content:"/top-executors/jjsploit/releases/download/v2.1.0/jjsploit.v2.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403355/; classtype:trojan-activity;sid:84266455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.38.102.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3403041/; classtype:trojan-activity;sid:84266141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402741)"; flow:established,from_client; content:"GET"; http_method; content:"/adobepdf-reader/pdf-reader/raw/refs/heads/main/pdf%20reader.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402741/; classtype:trojan-activity;sid:84265841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.205.55.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402699/; classtype:trojan-activity;sid:84265799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402685)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402685/; classtype:trojan-activity;sid:84265785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402495)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/mera.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402495/; classtype:trojan-activity;sid:84265595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402171)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.189.117.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402171/; classtype:trojan-activity;sid:84265271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.86.182.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402157/; classtype:trojan-activity;sid:84265257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.6.203"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402154/; classtype:trojan-activity;sid:84265254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.152.45.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402136/; classtype:trojan-activity;sid:84265236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"129.222.204.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402143/; classtype:trojan-activity;sid:84265243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"148.103.1.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402144/; classtype:trojan-activity;sid:84265244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.70.156.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402149/; classtype:trojan-activity;sid:84265249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.252.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402128/; classtype:trojan-activity;sid:84265228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.255.22.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402118/; classtype:trojan-activity;sid:84265218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.154.235.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402116/; classtype:trojan-activity;sid:84265216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.181.28.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402115/; classtype:trojan-activity;sid:84265215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401644)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/wpr-addons/forms/code1.png"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"107.180.89.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401644/; classtype:trojan-activity;sid:84264744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401409)"; flow:established,from_client; content:"GET"; http_method; content:"/receipt5290.html"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"vbccorretoradeseguros.com.br"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401409/; classtype:trojan-activity;sid:84264509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401392)"; flow:established,from_client; content:"GET"; http_method; content:"/brucegang123/bat-automation-test/main/servers.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401392/; classtype:trojan-activity;sid:84264492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401388)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/refs/heads/main/1.bin"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401388/; classtype:trojan-activity;sid:84264488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401366)"; flow:established,from_client; content:"GET"; http_method; content:"/brucegang123/bat-automation-test/raw/main/servers.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401366/; classtype:trojan-activity;sid:84264466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401362)"; flow:established,from_client; content:"GET"; http_method; content:"/fxserver.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"198.50.242.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401362/; classtype:trojan-activity;sid:84264462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401171)"; flow:established,from_client; content:"GET"; http_method; content:"/k.php|3f|a=x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.41.204.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401171/; classtype:trojan-activity;sid:84264271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400304)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400304/; classtype:trojan-activity;sid:84263404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400298)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400298/; classtype:trojan-activity;sid:84263398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400299)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400299/; classtype:trojan-activity;sid:84263399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400300)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400300/; classtype:trojan-activity;sid:84263400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400301)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400301/; classtype:trojan-activity;sid:84263401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400302)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400302/; classtype:trojan-activity;sid:84263402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400303)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400303/; classtype:trojan-activity;sid:84263403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400265)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400265/; classtype:trojan-activity;sid:84263365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400266)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400266/; classtype:trojan-activity;sid:84263366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400267)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400267/; classtype:trojan-activity;sid:84263367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400268)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400268/; classtype:trojan-activity;sid:84263368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400269)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400269/; classtype:trojan-activity;sid:84263369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400270)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400270/; classtype:trojan-activity;sid:84263370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400271)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400271/; classtype:trojan-activity;sid:84263371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400272)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400272/; classtype:trojan-activity;sid:84263372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400273)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400273/; classtype:trojan-activity;sid:84263373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400274)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400274/; classtype:trojan-activity;sid:84263374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400275)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400275/; classtype:trojan-activity;sid:84263375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400276)"; flow:established,from_client; content:"GET"; http_method; content:"/bt"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400276/; classtype:trojan-activity;sid:84263376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400277)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400277/; classtype:trojan-activity;sid:84263377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400278)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400278/; classtype:trojan-activity;sid:84263378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400279)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400279/; classtype:trojan-activity;sid:84263379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400280)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400280/; classtype:trojan-activity;sid:84263380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400281)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400281/; classtype:trojan-activity;sid:84263381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400282)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400282/; classtype:trojan-activity;sid:84263382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400283)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400283/; classtype:trojan-activity;sid:84263383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400284)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400284/; classtype:trojan-activity;sid:84263384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400285)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400285/; classtype:trojan-activity;sid:84263385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400286)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400286/; classtype:trojan-activity;sid:84263386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400287)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400287/; classtype:trojan-activity;sid:84263387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400288)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400288/; classtype:trojan-activity;sid:84263388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400289)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400289/; classtype:trojan-activity;sid:84263389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400290)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400290/; classtype:trojan-activity;sid:84263390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400291)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400291/; classtype:trojan-activity;sid:84263391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400292)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400292/; classtype:trojan-activity;sid:84263392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400293)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400293/; classtype:trojan-activity;sid:84263393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400294)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400294/; classtype:trojan-activity;sid:84263394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400295)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400295/; classtype:trojan-activity;sid:84263395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400296)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400296/; classtype:trojan-activity;sid:84263396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400297)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400297/; classtype:trojan-activity;sid:84263397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3400257)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3400257/; classtype:trojan-activity;sid:84263357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399888)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.109.11.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399888/; classtype:trojan-activity;sid:84262988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399737)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/refs/heads/main/shellcodeany.bin"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399737/; classtype:trojan-activity;sid:84262837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399733)"; flow:established,from_client; content:"GET"; http_method; content:"/jackyz777/activebypass/refs/heads/main/discord.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399733/; classtype:trojan-activity;sid:84262833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399734)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/thong.bin"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399734/; classtype:trojan-activity;sid:84262834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399728)"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin/!help_sos.hta"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"192.140.225.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399728/; classtype:trojan-activity;sid:84262828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399725)"; flow:established,from_client; content:"GET"; http_method; content:"/jackyz777/activebypass/raw/refs/heads/main/discord.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399725/; classtype:trojan-activity;sid:84262825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399717)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/softokn3.dll|3f|/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399717/; classtype:trojan-activity;sid:84262817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399422)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.133.36.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399422/; classtype:trojan-activity;sid:84262522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.178.100.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399396/; classtype:trojan-activity;sid:84262496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.193.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399393/; classtype:trojan-activity;sid:84262493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399086)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/scanner/refs/heads/main/x86"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399086/; classtype:trojan-activity;sid:84262186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399085)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/scanner/refs/heads/main/dlr.x86"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399085/; classtype:trojan-activity;sid:84262185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399067)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/scanner/refs/heads/main/mipsel"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399067/; classtype:trojan-activity;sid:84262167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399068)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/scanner/refs/heads/main/armv5l"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399068/; classtype:trojan-activity;sid:84262168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399058)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/scanner/refs/heads/main/armv7l"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399058/; classtype:trojan-activity;sid:84262158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399059)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/scanner/refs/heads/main/armv6l"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399059/; classtype:trojan-activity;sid:84262159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399056)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/scanner/refs/heads/main/animma.sh"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399056/; classtype:trojan-activity;sid:84262156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399057)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/scanner/refs/heads/main/armv4l"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399057/; classtype:trojan-activity;sid:84262157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398952)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398952/; classtype:trojan-activity;sid:84262052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398783)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/softokn3.dll|3f|"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398783/; classtype:trojan-activity;sid:84261883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398784)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/doom.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398784/; classtype:trojan-activity;sid:84261884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398786)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/refs/heads/main/king.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398786/; classtype:trojan-activity;sid:84261886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398654)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.154.235.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398654/; classtype:trojan-activity;sid:84261754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398629)"; flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/1.sh"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398629/; classtype:trojan-activity;sid:84261729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.121.239.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3398195/; classtype:trojan-activity;sid:84261295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.62.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3398188/; classtype:trojan-activity;sid:84261288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.15.254.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3398189/; classtype:trojan-activity;sid:84261289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.92.94.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3398193/; classtype:trojan-activity;sid:84261293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397968)"; flow:established,from_client; content:"GET"; http_method; content:"/k.php|3f|a=arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.41.204.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3397968/; classtype:trojan-activity;sid:84261068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397969)"; flow:established,from_client; content:"GET"; http_method; content:"/k.php|3f|a=mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.41.204.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3397969/; classtype:trojan-activity;sid:84261069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397960)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/whiteshadow.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3397960/; classtype:trojan-activity;sid:84261060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397956)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/johnmartin.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3397956/; classtype:trojan-activity;sid:84261056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.220.249.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3397671/; classtype:trojan-activity;sid:84260771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.2.177"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397543/; classtype:trojan-activity;sid:84260643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.168.227.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397531/; classtype:trojan-activity;sid:84260631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.18.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397528/; classtype:trojan-activity;sid:84260628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396897)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"staplebrokenmetaliyro.blogspot.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3396897/; classtype:trojan-activity;sid:84259997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396448)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.24.179.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396448/; classtype:trojan-activity;sid:84259548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396436)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.40.19.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396436/; classtype:trojan-activity;sid:84259536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396446)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.9.107.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396446/; classtype:trojan-activity;sid:84259546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.97.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396432/; classtype:trojan-activity;sid:84259532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.101.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396427/; classtype:trojan-activity;sid:84259527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.254.71.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396430/; classtype:trojan-activity;sid:84259530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.197.121.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396413/; classtype:trojan-activity;sid:84259513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.87.151.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396418/; classtype:trojan-activity;sid:84259518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396119)"; flow:established,from_client; content:"GET"; http_method; content:"/32.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396119/; classtype:trojan-activity;sid:84259219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396087)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396087/; classtype:trojan-activity;sid:84259187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395711)"; flow:established,from_client; content:"GET"; http_method; content:"/svhost.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"151.106.34.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3395711/; classtype:trojan-activity;sid:84258811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395055)"; flow:established,from_client; content:"GET"; http_method; content:"/arvendrachhonkar/todo/releases/download/macosandwindows/install_setup_v1.2.0.dmg"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3395055/; classtype:trojan-activity;sid:84258155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395041)"; flow:established,from_client; content:"GET"; http_method; content:"/python312-32.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"217.77.11.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3395041/; classtype:trojan-activity;sid:84258141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394777)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394777/; classtype:trojan-activity;sid:84257877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394778)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394778/; classtype:trojan-activity;sid:84257878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394779)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394779/; classtype:trojan-activity;sid:84257879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394780)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394780/; classtype:trojan-activity;sid:84257880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394781)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394781/; classtype:trojan-activity;sid:84257881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394782)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394782/; classtype:trojan-activity;sid:84257882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394783/; classtype:trojan-activity;sid:84257883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394784)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394784/; classtype:trojan-activity;sid:84257884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394785)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394785/; classtype:trojan-activity;sid:84257885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394786)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394786/; classtype:trojan-activity;sid:84257886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394787)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394787/; classtype:trojan-activity;sid:84257887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394788)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394788/; classtype:trojan-activity;sid:84257888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394789)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.221.96.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394789/; classtype:trojan-activity;sid:84257889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394680)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/blob/main/2klz.exe|3f|raw=true/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394680/; classtype:trojan-activity;sid:84257780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394666)"; flow:established,from_client; content:"GET"; http_method; content:"/jackyz777/activebypass/raw/refs/heads/main/payload.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394666/; classtype:trojan-activity;sid:84257766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394507)"; flow:established,from_client; content:"GET"; http_method; content:"/trismagi/daemon/raw/main/watchdog"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394507/; classtype:trojan-activity;sid:84257607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394121)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.56.225.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394121/; classtype:trojan-activity;sid:84257221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394115)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.56.225.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394115/; classtype:trojan-activity;sid:84257215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394108)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394108/; classtype:trojan-activity;sid:84257208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393662)"; flow:established,from_client; content:"GET"; http_method; content:"/roukistl/ud/refs/heads/main/ud.bat"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393662/; classtype:trojan-activity;sid:84256762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393615)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.97.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393615/; classtype:trojan-activity;sid:84256715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393601)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.31.111.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393601/; classtype:trojan-activity;sid:84256701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393600)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/blob/main/2klz.exe|3f|raw=true"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393600/; classtype:trojan-activity;sid:84256700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393595)"; flow:established,from_client; content:"GET"; http_method; content:"/tnn.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"151.106.34.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393595/; classtype:trojan-activity;sid:84256695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393596)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/xhp/releases/download/release/steanings.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393596/; classtype:trojan-activity;sid:84256696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393592)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/customer.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393592/; classtype:trojan-activity;sid:84256692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393148)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.197.121.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393148/; classtype:trojan-activity;sid:84256248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393047)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/xhp/releases/download/release/steanings.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393047/; classtype:trojan-activity;sid:84256147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393048)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393048/; classtype:trojan-activity;sid:84256148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393043)"; flow:established,from_client; content:"GET"; http_method; content:"/get/giyauomtev/uu.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393043/; classtype:trojan-activity;sid:84256143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393033)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.243.25.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393033/; classtype:trojan-activity;sid:84256133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.240.163.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393007/; classtype:trojan-activity;sid:84256107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.46.219.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393012/; classtype:trojan-activity;sid:84256112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.146.11.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393006/; classtype:trojan-activity;sid:84256106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392894)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ronnin-v2.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3392894/; classtype:trojan-activity;sid:84255994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392868)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"miner-tolken.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3392868/; classtype:trojan-activity;sid:84255968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392867)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"symbietic.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3392867/; classtype:trojan-activity;sid:84255967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392686)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher/upload/test.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"test.aionclassic.pro"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3392686/; classtype:trojan-activity;sid:84255786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392682)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"moonloaderupdate.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3392682/; classtype:trojan-activity;sid:84255782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391694)"; flow:established,from_client; content:"GET"; http_method; content:"/dred"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.104.73.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391694/; classtype:trojan-activity;sid:84254794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391673)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.97.201.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391673/; classtype:trojan-activity;sid:84254773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391678)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.211.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391678/; classtype:trojan-activity;sid:84254778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391640)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.228.133.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391640/; classtype:trojan-activity;sid:84254740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391641)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.228.133.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391641/; classtype:trojan-activity;sid:84254741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391642)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.228.133.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391642/; classtype:trojan-activity;sid:84254742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391643)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.228.133.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391643/; classtype:trojan-activity;sid:84254743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391632)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.132"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391632/; classtype:trojan-activity;sid:84254732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.51.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391610/; classtype:trojan-activity;sid:84254710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.45.99.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391600/; classtype:trojan-activity;sid:84254700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.148.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391602/; classtype:trojan-activity;sid:84254702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.45.110.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391593/; classtype:trojan-activity;sid:84254693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391455)"; flow:established,from_client; content:"GET"; http_method; content:"/1337breaker1337/password/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391455/; classtype:trojan-activity;sid:84254555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391442)"; flow:established,from_client; content:"GET"; http_method; content:"/ymykaliymy/ymy/refs/heads/main/sela.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391442/; classtype:trojan-activity;sid:84254542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391438)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/696969.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391438/; classtype:trojan-activity;sid:84254538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391429)"; flow:established,from_client; content:"GET"; http_method; content:"/1337breaker1337/password/raw/refs/heads/main/client-built.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391429/; classtype:trojan-activity;sid:84254529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391426)"; flow:established,from_client; content:"GET"; http_method; content:"/top-executors/jjsploit/raw/refs/heads/main/jjsploit.v2.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391426/; classtype:trojan-activity;sid:84254526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391427)"; flow:established,from_client; content:"GET"; http_method; content:"/07nn/am/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391427/; classtype:trojan-activity;sid:84254527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391428)"; flow:established,from_client; content:"GET"; http_method; content:"/ymykaliymy/ymy/raw/refs/heads/main/sela.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391428/; classtype:trojan-activity;sid:84254528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391375)"; flow:established,from_client; content:"GET"; http_method; content:"/4gs"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391375/; classtype:trojan-activity;sid:84254475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390659)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.133.36.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390659/; classtype:trojan-activity;sid:84253759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390660)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.143.48.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390660/; classtype:trojan-activity;sid:84253760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.253.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390320/; classtype:trojan-activity;sid:84253420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.121.71.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390316/; classtype:trojan-activity;sid:84253416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389860)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389860/; classtype:trojan-activity;sid:84252960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389861)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389861/; classtype:trojan-activity;sid:84252961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389862)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389862/; classtype:trojan-activity;sid:84252962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389863)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389863/; classtype:trojan-activity;sid:84252963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389864)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389864/; classtype:trojan-activity;sid:84252964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389865)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389865/; classtype:trojan-activity;sid:84252965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389866)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389866/; classtype:trojan-activity;sid:84252966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389867)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389867/; classtype:trojan-activity;sid:84252967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389868)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389868/; classtype:trojan-activity;sid:84252968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389869)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389869/; classtype:trojan-activity;sid:84252969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389870)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389870/; classtype:trojan-activity;sid:84252970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389871)"; flow:established,from_client; content:"GET"; http_method; content:"/bt"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389871/; classtype:trojan-activity;sid:84252971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389872)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389872/; classtype:trojan-activity;sid:84252972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389873)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389873/; classtype:trojan-activity;sid:84252973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389874)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389874/; classtype:trojan-activity;sid:84252974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389842)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389842/; classtype:trojan-activity;sid:84252942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389843)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389843/; classtype:trojan-activity;sid:84252943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389844)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389844/; classtype:trojan-activity;sid:84252944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389845)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389845/; classtype:trojan-activity;sid:84252945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389846)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389846/; classtype:trojan-activity;sid:84252946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389847)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389847/; classtype:trojan-activity;sid:84252947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389849)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389849/; classtype:trojan-activity;sid:84252949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389850)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389850/; classtype:trojan-activity;sid:84252950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389851)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389851/; classtype:trojan-activity;sid:84252951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389852)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389852/; classtype:trojan-activity;sid:84252952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389853)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389853/; classtype:trojan-activity;sid:84252953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389854)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389854/; classtype:trojan-activity;sid:84252954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389855)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389855/; classtype:trojan-activity;sid:84252955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389856)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389856/; classtype:trojan-activity;sid:84252956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389857)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389857/; classtype:trojan-activity;sid:84252957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389858)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389858/; classtype:trojan-activity;sid:84252958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389859)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389859/; classtype:trojan-activity;sid:84252959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389782)"; flow:established,from_client; content:"GET"; http_method; content:"/01.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.140.14.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389782/; classtype:trojan-activity;sid:84252882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389783)"; flow:established,from_client; content:"GET"; http_method; content:"/bxd.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"82.140.14.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389783/; classtype:trojan-activity;sid:84252883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389784)"; flow:established,from_client; content:"GET"; http_method; content:"/wudi.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.140.14.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389784/; classtype:trojan-activity;sid:84252884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389785)"; flow:established,from_client; content:"GET"; http_method; content:"/00.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.140.14.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389785/; classtype:trojan-activity;sid:84252885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389786)"; flow:established,from_client; content:"GET"; http_method; content:"/64.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.140.14.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389786/; classtype:trojan-activity;sid:84252886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389780)"; flow:established,from_client; content:"GET"; http_method; content:"/02.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.140.14.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389780/; classtype:trojan-activity;sid:84252880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389781)"; flow:established,from_client; content:"GET"; http_method; content:"/32.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.140.14.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389781/; classtype:trojan-activity;sid:84252881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.92.254.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389740/; classtype:trojan-activity;sid:84252840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389724/; classtype:trojan-activity;sid:84252824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389611)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389611/; classtype:trojan-activity;sid:84252711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389607)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389607/; classtype:trojan-activity;sid:84252707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389601)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3389601/; classtype:trojan-activity;sid:84252701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389458)"; flow:established,from_client; content:"GET"; http_method; content:"/07nn/am/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389458/; classtype:trojan-activity;sid:84252558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389456)"; flow:established,from_client; content:"GET"; http_method; content:"/top-executors/jjsploit/raw/refs/heads/main/jjsploit.v2.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389456/; classtype:trojan-activity;sid:84252556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389457)"; flow:established,from_client; content:"GET"; http_method; content:"/top-executors/jjsploit/refs/heads/main/jjsploit.v2.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389457/; classtype:trojan-activity;sid:84252557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389455)"; flow:established,from_client; content:"GET"; http_method; content:"/get/hlxk13yhsr/sdggwsdgdrwgrwgrwgrwgrw.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389455/; classtype:trojan-activity;sid:84252555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389403)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrokc/ctc/raw/main/ctc64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389403/; classtype:trojan-activity;sid:84252503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389404)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrokc/ctc/main/ctc64.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389404/; classtype:trojan-activity;sid:84252504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389259)"; flow:established,from_client; content:"GET"; http_method; content:"/test/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389259/; classtype:trojan-activity;sid:84252359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389237)"; flow:established,from_client; content:"GET"; http_method; content:"/test/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389237/; classtype:trojan-activity;sid:84252337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389239)"; flow:established,from_client; content:"GET"; http_method; content:"/test/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389239/; classtype:trojan-activity;sid:84252339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389229)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/fwutlkid.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389229/; classtype:trojan-activity;sid:84252329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389228)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/gch3x3lk.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389228/; classtype:trojan-activity;sid:84252328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389227)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/9nkwk7nh.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389227/; classtype:trojan-activity;sid:84252327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389225)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/ujp4jdmy.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389225/; classtype:trojan-activity;sid:84252325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389224)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/8rh4s7pl.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389224/; classtype:trojan-activity;sid:84252324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389223)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/dwppj74t.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389223/; classtype:trojan-activity;sid:84252323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389222)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/jdym53nl.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389222/; classtype:trojan-activity;sid:84252322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389221)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/e9ffa5da.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389221/; classtype:trojan-activity;sid:84252321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389220)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/8zg9faz4.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389220/; classtype:trojan-activity;sid:84252320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389218)"; flow:established,from_client; content:"GET"; http_method; content:"/free"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"safefiles2.oss-cn-beijing.aliyuncs.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389218/; classtype:trojan-activity;sid:84252318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389158)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389158/; classtype:trojan-activity;sid:84252258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389142)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.181.70.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389142/; classtype:trojan-activity;sid:84252242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389129)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.157.18.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389129/; classtype:trojan-activity;sid:84252229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389120)"; flow:established,from_client; content:"GET"; http_method; content:"/auda"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"safefiles2.oss-cn-beijing.aliyuncs.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389120/; classtype:trojan-activity;sid:84252220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.173.146.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388953/; classtype:trojan-activity;sid:84252053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.184.144.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388952/; classtype:trojan-activity;sid:84252052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388907)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.83.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388907/; classtype:trojan-activity;sid:84252007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388893)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.84.139"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388893/; classtype:trojan-activity;sid:84251993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388899)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.15.50.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388899/; classtype:trojan-activity;sid:84251999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.89.165"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388878/; classtype:trojan-activity;sid:84251978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388870)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.89.128"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388870/; classtype:trojan-activity;sid:84251970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388873)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.117.75.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388873/; classtype:trojan-activity;sid:84251973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388874)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.89.174"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388874/; classtype:trojan-activity;sid:84251974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388858)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/solara.dir.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"c0e5b87c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388858/; classtype:trojan-activity;sid:84251958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388859)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"c0e5b87c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388859/; classtype:trojan-activity;sid:84251959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388175)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.45.99.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388175/; classtype:trojan-activity;sid:84251275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387817)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.108.145.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387817/; classtype:trojan-activity;sid:84250917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387818)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.134.58.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387818/; classtype:trojan-activity;sid:84250918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387806/; classtype:trojan-activity;sid:84250906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.121.71.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387779/; classtype:trojan-activity;sid:84250879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.211.215.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387792/; classtype:trojan-activity;sid:84250892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.220.229.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387777/; classtype:trojan-activity;sid:84250877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.185.103.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387772/; classtype:trojan-activity;sid:84250872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387720)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387720/; classtype:trojan-activity;sid:84250820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387721)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/raw/refs/heads/main/evetbeta.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387721/; classtype:trojan-activity;sid:84250821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387722)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/raw/refs/heads/main/benpolatalemdar.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387722/; classtype:trojan-activity;sid:84250822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387713)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/raw/refs/heads/main/2klz.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387713/; classtype:trojan-activity;sid:84250813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387707)"; flow:established,from_client; content:"GET"; http_method; content:"/tiraundercode/rev/raw/main/client-built.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387707/; classtype:trojan-activity;sid:84250807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387708)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/raw/refs/heads/main/diskutil.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387708/; classtype:trojan-activity;sid:84250808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387710)"; flow:established,from_client; content:"GET"; http_method; content:"/nullspectre/whyareyouhere-/raw/4bed170d797d5d2077bfc312d8badcd3c1dbaa74/test2.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387710/; classtype:trojan-activity;sid:84250810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387711)"; flow:established,from_client; content:"GET"; http_method; content:"/samllea1/gorebox-modmenu/raw/refs/heads/main/gorebox%20modmenu%201.2.0.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387711/; classtype:trojan-activity;sid:84250811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387705)"; flow:established,from_client; content:"GET"; http_method; content:"/waynesson/rocitizens/raw/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387705/; classtype:trojan-activity;sid:84250805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387697)"; flow:established,from_client; content:"GET"; http_method; content:"/intput.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"101.201.227.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387697/; classtype:trojan-activity;sid:84250797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387695)"; flow:established,from_client; content:"GET"; http_method; content:"/rviance/ubiquitous-fortnight/releases/download/toolwin/toolwin.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387695/; classtype:trojan-activity;sid:84250795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387688)"; flow:established,from_client; content:"GET"; http_method; content:"/jackyz777/activebypass/raw/refs/heads/main/systempreter.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387688/; classtype:trojan-activity;sid:84250788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387689)"; flow:established,from_client; content:"GET"; http_method; content:"/darkneonglitch/prooes/raw/refs/heads/main/sync.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387689/; classtype:trojan-activity;sid:84250789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387691)"; flow:established,from_client; content:"GET"; http_method; content:"/kidxnox/image-logger/raw/refs/heads/main/image%20logger.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387691/; classtype:trojan-activity;sid:84250791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387240)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/freebl3.dll|3f|"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387240/; classtype:trojan-activity;sid:84250340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386798)"; flow:established,from_client; content:"GET"; http_method; content:"/proceedings-article/55a07147594fae1312e55be4d77971e1/skidmore2008.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3386798/; classtype:trojan-activity;sid:84249898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386507)"; flow:established,from_client; content:"GET"; http_method; content:"/file-32bit.elf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386507/; classtype:trojan-activity;sid:84249607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386508)"; flow:established,from_client; content:"GET"; http_method; content:"/file.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386508/; classtype:trojan-activity;sid:84249608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386509)"; flow:established,from_client; content:"GET"; http_method; content:"/file-arm.elf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386509/; classtype:trojan-activity;sid:84249609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386510)"; flow:established,from_client; content:"GET"; http_method; content:"/file-64bit.elf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386510/; classtype:trojan-activity;sid:84249610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386210)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost-opbr/test/refs/heads/main/adobepdfreader.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386210/; classtype:trojan-activity;sid:84249310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386204)"; flow:established,from_client; content:"GET"; http_method; content:"/denispazin/uploads/refs/heads/main/1735500131.bin"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386204/; classtype:trojan-activity;sid:84249304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386193)"; flow:established,from_client; content:"GET"; http_method; content:"/denispazin/uploads/raw/refs/heads/main/1735500131.bin"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386193/; classtype:trojan-activity;sid:84249293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386147)"; flow:established,from_client; content:"GET"; http_method; content:"/c/j"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386147/; classtype:trojan-activity;sid:84249247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.206.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3385746/; classtype:trojan-activity;sid:84248846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.132.14.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385612/; classtype:trojan-activity;sid:84248712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.15.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385591/; classtype:trojan-activity;sid:84248691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.208.107.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385582/; classtype:trojan-activity;sid:84248682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.232.133.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385583/; classtype:trojan-activity;sid:84248683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.97.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385579/; classtype:trojan-activity;sid:84248679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385493)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.185.103.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385493/; classtype:trojan-activity;sid:84248593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385167)"; flow:established,from_client; content:"GET"; http_method; content:"/soft_hair/ultravnc.ini"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"support.clz.kr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385167/; classtype:trojan-activity;sid:84248267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385165)"; flow:established,from_client; content:"GET"; http_method; content:"/net/coc%20coc.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"quanlyphongnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385165/; classtype:trojan-activity;sid:84248265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385162)"; flow:established,from_client; content:"GET"; http_method; content:"/net/google%20chrome.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"quanlyphongnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385162/; classtype:trojan-activity;sid:84248262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385032)"; flow:established,from_client; content:"GET"; http_method; content:"/5fr5gthkjdg71"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385032/; classtype:trojan-activity;sid:84248132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384953)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3384953/; classtype:trojan-activity;sid:84248053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384037)"; flow:established,from_client; content:"GET"; http_method; content:"/d4rk-v3n0m/test2/refs/heads/main/client.bin"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384037/; classtype:trojan-activity;sid:84247137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384038)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/refs/heads/main/diskutil.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384038/; classtype:trojan-activity;sid:84247138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384039)"; flow:established,from_client; content:"GET"; http_method; content:"/jackyz777/activebypass/refs/heads/main/systempreter.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384039/; classtype:trojan-activity;sid:84247139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384025)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/raw/refs/heads/main/diskutil.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384025/; classtype:trojan-activity;sid:84247125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384021)"; flow:established,from_client; content:"GET"; http_method; content:"/d4rk-v3n0m/test2/raw/refs/heads/main/client.bin"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384021/; classtype:trojan-activity;sid:84247121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384007)"; flow:established,from_client; content:"GET"; http_method; content:"/mis/!help_sos.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384007/; classtype:trojan-activity;sid:84247107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384002)"; flow:established,from_client; content:"GET"; http_method; content:"/!help_sos.hta"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384002/; classtype:trojan-activity;sid:84247102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383931)"; flow:established,from_client; content:"GET"; http_method; content:"/aminer.gz"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.62.178.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3383931/; classtype:trojan-activity;sid:84247031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383929)"; flow:established,from_client; content:"GET"; http_method; content:"/ns1.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"168.62.178.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3383929/; classtype:trojan-activity;sid:84247029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383927)"; flow:established,from_client; content:"GET"; http_method; content:"/ns3.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"168.62.178.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3383927/; classtype:trojan-activity;sid:84247027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383926)"; flow:established,from_client; content:"GET"; http_method; content:"/install.tgz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"168.62.178.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3383926/; classtype:trojan-activity;sid:84247026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3383623)"; flow:established,from_client; content:"GET"; http_method; content:"/1.bat"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"101.37.34.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3383623/; classtype:trojan-activity;sid:84246723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.28.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3382777/; classtype:trojan-activity;sid:84245877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382552)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3382552/; classtype:trojan-activity;sid:84245652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382532)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3382532/; classtype:trojan-activity;sid:84245632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382520)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3382520/; classtype:trojan-activity;sid:84245620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382507)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3382507/; classtype:trojan-activity;sid:84245607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382383)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_30; reference:url, urlhaus.abuse.ch/url/3382383/; classtype:trojan-activity;sid:84245483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382119)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"60.188.59.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3382119/; classtype:trojan-activity;sid:84245219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382115)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.90.142.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3382115/; classtype:trojan-activity;sid:84245215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382105)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.40.112.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3382105/; classtype:trojan-activity;sid:84245205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.4.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380949/; classtype:trojan-activity;sid:84244049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.73.64.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380929/; classtype:trojan-activity;sid:84244029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.193.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380930/; classtype:trojan-activity;sid:84244030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.115.40.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380923/; classtype:trojan-activity;sid:84244023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380469)"; flow:established,from_client; content:"GET"; http_method; content:"/33.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.198.49.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380469/; classtype:trojan-activity;sid:84243569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380467)"; flow:established,from_client; content:"GET"; http_method; content:"/1.bin"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"154.198.49.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380467/; classtype:trojan-activity;sid:84243567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3379473)"; flow:established,from_client; content:"GET"; http_method; content:"/obfdownload/doubleloaderdll.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"185.147.125.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3379473/; classtype:trojan-activity;sid:84242573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3379272)"; flow:established,from_client; content:"GET"; http_method; content:"/tcoin.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3379272/; classtype:trojan-activity;sid:84242372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.116.68.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378993/; classtype:trojan-activity;sid:84242093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.4.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378991/; classtype:trojan-activity;sid:84242091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.252.167.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378986/; classtype:trojan-activity;sid:84242086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.156.147.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378990/; classtype:trojan-activity;sid:84242090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.142.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378982/; classtype:trojan-activity;sid:84242082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.4.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378977/; classtype:trojan-activity;sid:84242077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.1.110.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378964/; classtype:trojan-activity;sid:84242064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.108.227.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378966/; classtype:trojan-activity;sid:84242066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.193.52.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378969/; classtype:trojan-activity;sid:84242069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"159.148.48.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378970/; classtype:trojan-activity;sid:84242070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.171.223.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378971/; classtype:trojan-activity;sid:84242071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.171.223.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378944/; classtype:trojan-activity;sid:84242044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.177.240.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378952/; classtype:trojan-activity;sid:84242052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.186.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378954/; classtype:trojan-activity;sid:84242054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.197.231.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378956/; classtype:trojan-activity;sid:84242056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.247.15.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378957/; classtype:trojan-activity;sid:84242057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.26.136.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378958/; classtype:trojan-activity;sid:84242058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.33.239.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378940/; classtype:trojan-activity;sid:84242040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378337)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.50.190.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378337/; classtype:trojan-activity;sid:84241437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378335)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.96.89.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378335/; classtype:trojan-activity;sid:84241435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378304)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.98.48.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378304/; classtype:trojan-activity;sid:84241404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378116)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_93.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sirault.be"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378116/; classtype:trojan-activity;sid:84241216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378016)"; flow:established,from_client; content:"GET"; http_method; content:"/fdiuioijofgrg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378016/; classtype:trojan-activity;sid:84241116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377988)"; flow:established,from_client; content:"GET"; http_method; content:"/nvcommander2/allgens/refs/heads/main/msgde.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377988/; classtype:trojan-activity;sid:84241088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377969)"; flow:established,from_client; content:"GET"; http_method; content:"/win/checking.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"qlqd5zqefmkcr34a.onion.sh"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377969/; classtype:trojan-activity;sid:84241069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377970)"; flow:established,from_client; content:"GET"; http_method; content:"/htaaa.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mandarin.net.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377970/; classtype:trojan-activity;sid:84241070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377935)"; flow:established,from_client; content:"GET"; http_method; content:"/ryycheats/ezfn-cheats-v2/refs/heads/main/ezfn%20op%20cheats.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377935/; classtype:trojan-activity;sid:84241035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377594)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.242.12.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_26; reference:url, urlhaus.abuse.ch/url/3377594/; classtype:trojan-activity;sid:84240694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377601)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.198.229.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_26; reference:url, urlhaus.abuse.ch/url/3377601/; classtype:trojan-activity;sid:84240701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377351)"; flow:established,from_client; content:"GET"; http_method; content:"/tienda4/musical/refs/heads/main/vncgroups.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_26; reference:url, urlhaus.abuse.ch/url/3377351/; classtype:trojan-activity;sid:84240451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377352)"; flow:established,from_client; content:"GET"; http_method; content:"/tienda4/musical/raw/refs/heads/main/vncgroups.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_26; reference:url, urlhaus.abuse.ch/url/3377352/; classtype:trojan-activity;sid:84240452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3376626)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_26; reference:url, urlhaus.abuse.ch/url/3376626/; classtype:trojan-activity;sid:84239726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3376494)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.tar"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.210.148.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_25; reference:url, urlhaus.abuse.ch/url/3376494/; classtype:trojan-activity;sid:84239594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3376473)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.115.40.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_25; reference:url, urlhaus.abuse.ch/url/3376473/; classtype:trojan-activity;sid:84239573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3376380)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_25; reference:url, urlhaus.abuse.ch/url/3376380/; classtype:trojan-activity;sid:84239480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3376329)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_25; reference:url, urlhaus.abuse.ch/url/3376329/; classtype:trojan-activity;sid:84239429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3376093)"; flow:established,from_client; content:"GET"; http_method; content:"/22.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.198.49.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_25; reference:url, urlhaus.abuse.ch/url/3376093/; classtype:trojan-activity;sid:84239193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373742)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealcy11.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373742/; classtype:trojan-activity;sid:84236842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373743)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/daw21.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373743/; classtype:trojan-activity;sid:84236843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373711)"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin/!help_sos.hta"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373711/; classtype:trojan-activity;sid:84236811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373507)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.143.139.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373507/; classtype:trojan-activity;sid:84236607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373506)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.143.139.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373506/; classtype:trojan-activity;sid:84236606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373494)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.171.53.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373494/; classtype:trojan-activity;sid:84236594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373495)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.19.23.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373495/; classtype:trojan-activity;sid:84236595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373504)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.0.204.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373504/; classtype:trojan-activity;sid:84236604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.45.15.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373486/; classtype:trojan-activity;sid:84236586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373487)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.45.15.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373487/; classtype:trojan-activity;sid:84236587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373492)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373492/; classtype:trojan-activity;sid:84236592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.92.254.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373351/; classtype:trojan-activity;sid:84236451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.159.154.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373087/; classtype:trojan-activity;sid:84236187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.96.1.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373088/; classtype:trojan-activity;sid:84236188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.6.14.187"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373083/; classtype:trojan-activity;sid:84236183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.84.39.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373071/; classtype:trojan-activity;sid:84236171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.191.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373074/; classtype:trojan-activity;sid:84236174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.236.0.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373075/; classtype:trojan-activity;sid:84236175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.39.7.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373077/; classtype:trojan-activity;sid:84236177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.2.14.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373078/; classtype:trojan-activity;sid:84236178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.109.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373080/; classtype:trojan-activity;sid:84236180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.181.114.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373053/; classtype:trojan-activity;sid:84236153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.43.128.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373055/; classtype:trojan-activity;sid:84236155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.153.52.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373056/; classtype:trojan-activity;sid:84236156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.34.205.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373058/; classtype:trojan-activity;sid:84236158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.162.140.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373059/; classtype:trojan-activity;sid:84236159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.166.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373061/; classtype:trojan-activity;sid:84236161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.125.133.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373062/; classtype:trojan-activity;sid:84236162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.136.225.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373063/; classtype:trojan-activity;sid:84236163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.195.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373064/; classtype:trojan-activity;sid:84236164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.244.113.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373067/; classtype:trojan-activity;sid:84236167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.179.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373048/; classtype:trojan-activity;sid:84236148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.216.107.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373050/; classtype:trojan-activity;sid:84236150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.151.185.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373045/; classtype:trojan-activity;sid:84236145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.101.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373043/; classtype:trojan-activity;sid:84236143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.13.165.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373042/; classtype:trojan-activity;sid:84236142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.121.195.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373032/; classtype:trojan-activity;sid:84236132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.148.113.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373033/; classtype:trojan-activity;sid:84236133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.182.13.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373035/; classtype:trojan-activity;sid:84236135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373036/; classtype:trojan-activity;sid:84236136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.138.68.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373037/; classtype:trojan-activity;sid:84236137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.138.107.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373017/; classtype:trojan-activity;sid:84236117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.233.59.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373022/; classtype:trojan-activity;sid:84236122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373023/; classtype:trojan-activity;sid:84236123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.245.244.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373024/; classtype:trojan-activity;sid:84236124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.101.230.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373025/; classtype:trojan-activity;sid:84236125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.185.23.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373009/; classtype:trojan-activity;sid:84236109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.89.112.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373011/; classtype:trojan-activity;sid:84236111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.208.52.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373012/; classtype:trojan-activity;sid:84236112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.162.49.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373007/; classtype:trojan-activity;sid:84236107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.160.216.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373005/; classtype:trojan-activity;sid:84236105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.28.209.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373003/; classtype:trojan-activity;sid:84236103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.204.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373001/; classtype:trojan-activity;sid:84236101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.78.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372974/; classtype:trojan-activity;sid:84236074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.211.187.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372975/; classtype:trojan-activity;sid:84236075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.93.83.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372979/; classtype:trojan-activity;sid:84236079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.218.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372981/; classtype:trojan-activity;sid:84236081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.158.158.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372986/; classtype:trojan-activity;sid:84236086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.165.170.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372987/; classtype:trojan-activity;sid:84236087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.52.16.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372988/; classtype:trojan-activity;sid:84236088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.15.137.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372989/; classtype:trojan-activity;sid:84236089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.125.133.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372990/; classtype:trojan-activity;sid:84236090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372991/; classtype:trojan-activity;sid:84236091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.43.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372994/; classtype:trojan-activity;sid:84236094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.57.125.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372999/; classtype:trojan-activity;sid:84236099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.85.166.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372968/; classtype:trojan-activity;sid:84236068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.156.154.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372966/; classtype:trojan-activity;sid:84236066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.43.6.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372961/; classtype:trojan-activity;sid:84236061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.37.126.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372962/; classtype:trojan-activity;sid:84236062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.151.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372951/; classtype:trojan-activity;sid:84236051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.110.204.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372954/; classtype:trojan-activity;sid:84236054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.177.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372956/; classtype:trojan-activity;sid:84236056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.23.51.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372957/; classtype:trojan-activity;sid:84236057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.209.88.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372958/; classtype:trojan-activity;sid:84236058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.23.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372959/; classtype:trojan-activity;sid:84236059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.222.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372960/; classtype:trojan-activity;sid:84236060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.205.84.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372936/; classtype:trojan-activity;sid:84236036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.223.44.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372937/; classtype:trojan-activity;sid:84236037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.244.201.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372939/; classtype:trojan-activity;sid:84236039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.178.94.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372940/; classtype:trojan-activity;sid:84236040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.12.157.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372941/; classtype:trojan-activity;sid:84236041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.121.33.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372942/; classtype:trojan-activity;sid:84236042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.125.133.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372944/; classtype:trojan-activity;sid:84236044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.218.189.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372945/; classtype:trojan-activity;sid:84236045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.117.240.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372947/; classtype:trojan-activity;sid:84236047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.8.81.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372929/; classtype:trojan-activity;sid:84236029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.206.205.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372930/; classtype:trojan-activity;sid:84236030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.209.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372931/; classtype:trojan-activity;sid:84236031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.23.51.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372932/; classtype:trojan-activity;sid:84236032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.64.128.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372928/; classtype:trojan-activity;sid:84236028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.158.69.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372926/; classtype:trojan-activity;sid:84236026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.6.12.230"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372924/; classtype:trojan-activity;sid:84236024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.19.227.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372922/; classtype:trojan-activity;sid:84236022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372903)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"111.74.21.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372903/; classtype:trojan-activity;sid:84236003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372902)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372902/; classtype:trojan-activity;sid:84236002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372900)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372900/; classtype:trojan-activity;sid:84236000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372901)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"220.180.255.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372901/; classtype:trojan-activity;sid:84236001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372891)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372891/; classtype:trojan-activity;sid:84235991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372892/; classtype:trojan-activity;sid:84235992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372893)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372893/; classtype:trojan-activity;sid:84235993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372896/; classtype:trojan-activity;sid:84235996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372898)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372898/; classtype:trojan-activity;sid:84235998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372881)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372881/; classtype:trojan-activity;sid:84235981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372883)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372883/; classtype:trojan-activity;sid:84235983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372884)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372884/; classtype:trojan-activity;sid:84235984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372886)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372886/; classtype:trojan-activity;sid:84235986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372887)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.141.62.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372887/; classtype:trojan-activity;sid:84235987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372888)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372888/; classtype:trojan-activity;sid:84235988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372890)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372890/; classtype:trojan-activity;sid:84235990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372871)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"206.204.128.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372871/; classtype:trojan-activity;sid:84235971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372876)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372876/; classtype:trojan-activity;sid:84235976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372877)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.247.47.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372877/; classtype:trojan-activity;sid:84235977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372878/; classtype:trojan-activity;sid:84235978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372879)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372879/; classtype:trojan-activity;sid:84235979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372880)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372880/; classtype:trojan-activity;sid:84235980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372704)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372704/; classtype:trojan-activity;sid:84235804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372705)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372705/; classtype:trojan-activity;sid:84235805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372701)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372701/; classtype:trojan-activity;sid:84235801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372691)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.101.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372691/; classtype:trojan-activity;sid:84235791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372693)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.92.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372693/; classtype:trojan-activity;sid:84235793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372687)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372687/; classtype:trojan-activity;sid:84235787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372688)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"133.106.109.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372688/; classtype:trojan-activity;sid:84235788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372684)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372684/; classtype:trojan-activity;sid:84235784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372686)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.140.204.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372686/; classtype:trojan-activity;sid:84235786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.77.66"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372674/; classtype:trojan-activity;sid:84235774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372677)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372677/; classtype:trojan-activity;sid:84235777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372670)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.96.121"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372670/; classtype:trojan-activity;sid:84235770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372671/; classtype:trojan-activity;sid:84235771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372657)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.190"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372657/; classtype:trojan-activity;sid:84235757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372658)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.216"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372658/; classtype:trojan-activity;sid:84235758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372662)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372662/; classtype:trojan-activity;sid:84235762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372664)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372664/; classtype:trojan-activity;sid:84235764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372655)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.140.204.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372655/; classtype:trojan-activity;sid:84235755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372654/; classtype:trojan-activity;sid:84235754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372651)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372651/; classtype:trojan-activity;sid:84235751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372650)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.48.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372650/; classtype:trojan-activity;sid:84235750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.124.72.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372645/; classtype:trojan-activity;sid:84235745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372646)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.103.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372646/; classtype:trojan-activity;sid:84235746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372625/; classtype:trojan-activity;sid:84235725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.115"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372627/; classtype:trojan-activity;sid:84235727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372630)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.215"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372630/; classtype:trojan-activity;sid:84235730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372631)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.188"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372631/; classtype:trojan-activity;sid:84235731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372635)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.215.129.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372635/; classtype:trojan-activity;sid:84235735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372636)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.28.177.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372636/; classtype:trojan-activity;sid:84235736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372639)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372639/; classtype:trojan-activity;sid:84235739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372642)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.28.177.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372642/; classtype:trojan-activity;sid:84235742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372617)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372617/; classtype:trojan-activity;sid:84235717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.140.204.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372620/; classtype:trojan-activity;sid:84235720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.109.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372621/; classtype:trojan-activity;sid:84235721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372622)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.140.204.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372622/; classtype:trojan-activity;sid:84235722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372615)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372615/; classtype:trojan-activity;sid:84235715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372590)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.76.249.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372590/; classtype:trojan-activity;sid:84235690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372123)"; flow:established,from_client; content:"GET"; http_method; content:"/112.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372123/; classtype:trojan-activity;sid:84235223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3371018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.88.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_21; reference:url, urlhaus.abuse.ch/url/3371018/; classtype:trojan-activity;sid:84234118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366734)"; flow:established,from_client; content:"GET"; http_method; content:"/metamail1/shll/raw/refs/heads/main/kk.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366734/; classtype:trojan-activity;sid:84229834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366720)"; flow:established,from_client; content:"GET"; http_method; content:"/nullspectre/whyareyouhere-/4bed170d797d5d2077bfc312d8badcd3c1dbaa74/test2.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366720/; classtype:trojan-activity;sid:84229820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366699)"; flow:established,from_client; content:"GET"; http_method; content:"/darkneonglitch/prooes/refs/heads/main/syncing.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366699/; classtype:trojan-activity;sid:84229799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366684)"; flow:established,from_client; content:"GET"; http_method; content:"/nullspectre/whyareyouhere-/raw/4bed170d797d5d2077bfc312d8badcd3c1dbaa74/test2.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_20; reference:url, urlhaus.abuse.ch/url/3366684/; classtype:trojan-activity;sid:84229784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.109.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366274/; classtype:trojan-activity;sid:84229374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.87.31.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366263/; classtype:trojan-activity;sid:84229363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.121.71.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366265/; classtype:trojan-activity;sid:84229365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.121.71.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366261/; classtype:trojan-activity;sid:84229361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.73.75.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366262/; classtype:trojan-activity;sid:84229362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.254.186.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366247/; classtype:trojan-activity;sid:84229347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.160.146.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366245/; classtype:trojan-activity;sid:84229345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.77.202.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366242/; classtype:trojan-activity;sid:84229342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.220.123.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366230/; classtype:trojan-activity;sid:84229330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3357645)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fo/imqvfo7ednyj6s2r7c9mi/adkapou7kdhwuotkkuqv_wi|3f|rlkey=e3gjg0fqsaqgiba3og4xydu9d|7c|26|7c|e=1|7c|26|7c|st=2vbjb92c|7c|26|7c|dl=0"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3357645/; classtype:trojan-activity;sid:84220745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.21.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356934/; classtype:trojan-activity;sid:84220034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.126.51.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356914/; classtype:trojan-activity;sid:84220014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356912)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/ef.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356912/; classtype:trojan-activity;sid:84220012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356911)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/skifterne.sea"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356911/; classtype:trojan-activity;sid:84220011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356804)"; flow:established,from_client; content:"GET"; http_method; content:"/c3pool/xmrig.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"c3poolbat.oss-accelerate.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356804/; classtype:trojan-activity;sid:84219904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356783)"; flow:established,from_client; content:"GET"; http_method; content:"/agent.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"210.125.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356783/; classtype:trojan-activity;sid:84219883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356779)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/231dd3bd495a42b6a479fb7f210ba69b.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356779/; classtype:trojan-activity;sid:84219879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356778)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/231dd3bd495a42b6a479fb7f210ba69b.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356778/; classtype:trojan-activity;sid:84219878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356777)"; flow:established,from_client; content:"GET"; http_method; content:"/installer.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356777/; classtype:trojan-activity;sid:84219877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356776)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/090cc5c1a5dc444dbeb0099f36f74657.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356776/; classtype:trojan-activity;sid:84219876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356775)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/5142a417d128494b9a9d67961121e943.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356775/; classtype:trojan-activity;sid:84219875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356772)"; flow:established,from_client; content:"GET"; http_method; content:"/dark_autre_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356772/; classtype:trojan-activity;sid:84219872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356773)"; flow:established,from_client; content:"GET"; http_method; content:"/in/1229.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356773/; classtype:trojan-activity;sid:84219873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356774)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/5142a417d128494b9a9d67961121e943.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356774/; classtype:trojan-activity;sid:84219874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356762)"; flow:established,from_client; content:"GET"; http_method; content:"/in/2041.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356762/; classtype:trojan-activity;sid:84219862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356765)"; flow:established,from_client; content:"GET"; http_method; content:"/in/d204.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356765/; classtype:trojan-activity;sid:84219865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356767)"; flow:established,from_client; content:"GET"; http_method; content:"/store_app/guardservice.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sgz-1302338321.cos.ap-guangzhou.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356767/; classtype:trojan-activity;sid:84219867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356768)"; flow:established,from_client; content:"GET"; http_method; content:"/futon"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"weco2.oss-me-east-1.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356768/; classtype:trojan-activity;sid:84219868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356769)"; flow:established,from_client; content:"GET"; http_method; content:"/qq%e5%8d%8e%e5%a4%8f%e6%9b%b4%e6%96%b0%e6%96%87%e4%bb%b6/%e8%87%aa%e5%8a%a8%e6%9b%b4%e6%96%b0%e8%be%85%e5%8a%a9%e7%a8%8b%e5%ba%8f.exe"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"kuakuawenjian.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356769/; classtype:trojan-activity;sid:84219869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356770)"; flow:established,from_client; content:"GET"; http_method; content:"/dark_brout_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356770/; classtype:trojan-activity;sid:84219870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356771)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/b0b34b3375b144c680a0456ffdd639a0.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356771/; classtype:trojan-activity;sid:84219871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356759)"; flow:established,from_client; content:"GET"; http_method; content:"/nan_autre_ncrypt.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356759/; classtype:trojan-activity;sid:84219859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356755)"; flow:established,from_client; content:"GET"; http_method; content:"/test_kbnt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356755/; classtype:trojan-activity;sid:84219855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356756)"; flow:established,from_client; content:"GET"; http_method; content:"/pack_brout_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356756/; classtype:trojan-activity;sid:84219856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356748)"; flow:established,from_client; content:"GET"; http_method; content:"/test_kbnt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356748/; classtype:trojan-activity;sid:84219848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356751)"; flow:established,from_client; content:"GET"; http_method; content:"/simple"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356751/; classtype:trojan-activity;sid:84219851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356732)"; flow:established,from_client; content:"GET"; http_method; content:"/worldwindclient.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356732/; classtype:trojan-activity;sid:84219832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356733)"; flow:established,from_client; content:"GET"; http_method; content:"/dyno-ai.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356733/; classtype:trojan-activity;sid:84219833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356713)"; flow:established,from_client; content:"GET"; http_method; content:"/cctv-security/rev/raw/main/client-built.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356713/; classtype:trojan-activity;sid:84219813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356705)"; flow:established,from_client; content:"GET"; http_method; content:"/mariolalo/myrec/refs/heads/main/notallowedtocrypt.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356705/; classtype:trojan-activity;sid:84219805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356581)"; flow:established,from_client; content:"GET"; http_method; content:"/270/audi.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bruplong.oss-accelerate.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356581/; classtype:trojan-activity;sid:84219681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356471)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a17rrr1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356471/; classtype:trojan-activity;sid:84219571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356463)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356463/; classtype:trojan-activity;sid:84219563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356464)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356464/; classtype:trojan-activity;sid:84219564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356465)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356465/; classtype:trojan-activity;sid:84219565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356466)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a16eea1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356466/; classtype:trojan-activity;sid:84219566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356467)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a15aaa1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356467/; classtype:trojan-activity;sid:84219567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356468)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a18qqq1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356468/; classtype:trojan-activity;sid:84219568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356470)"; flow:established,from_client; content:"GET"; http_method; content:"/libcef.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a11xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356470/; classtype:trojan-activity;sid:84219570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356458)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a16eea1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356458/; classtype:trojan-activity;sid:84219558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356461)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a11xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356461/; classtype:trojan-activity;sid:84219561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356457)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a11xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356457/; classtype:trojan-activity;sid:84219557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356455)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a17rrr1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356455/; classtype:trojan-activity;sid:84219555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356456)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a26bbb1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356456/; classtype:trojan-activity;sid:84219556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356453)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a26bbb1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356453/; classtype:trojan-activity;sid:84219553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356454)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356454/; classtype:trojan-activity;sid:84219554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356450)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356450/; classtype:trojan-activity;sid:84219550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356451)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356451/; classtype:trojan-activity;sid:84219551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356452)"; flow:established,from_client; content:"GET"; http_method; content:"/xm.ocx"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"a17rrr1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356452/; classtype:trojan-activity;sid:84219552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356449)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a16eea1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356449/; classtype:trojan-activity;sid:84219549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356447)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356447/; classtype:trojan-activity;sid:84219547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356448)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a11xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356448/; classtype:trojan-activity;sid:84219548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356441)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a17rrr1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356441/; classtype:trojan-activity;sid:84219541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356442)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356442/; classtype:trojan-activity;sid:84219542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356444)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a26bbb1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356444/; classtype:trojan-activity;sid:84219544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356446)"; flow:established,from_client; content:"GET"; http_method; content:"/k360.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356446/; classtype:trojan-activity;sid:84219546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356175)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidisigmer/fncleanerv2/refs/heads/main/cleanerv2.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356175/; classtype:trojan-activity;sid:84219275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356176)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/dwdwadwa/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356176/; classtype:trojan-activity;sid:84219276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356178)"; flow:established,from_client; content:"GET"; http_method; content:"/bormasina/test/refs/heads/main/defender64.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356178/; classtype:trojan-activity;sid:84219278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356165)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/refs/heads/main/amogus.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356165/; classtype:trojan-activity;sid:84219265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356166)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/discord/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356166/; classtype:trojan-activity;sid:84219266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356167)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/refs/heads/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356167/; classtype:trojan-activity;sid:84219267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356169)"; flow:established,from_client; content:"GET"; http_method; content:"/biseo0/neue/refs/heads/main/client-built.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356169/; classtype:trojan-activity;sid:84219269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356171)"; flow:established,from_client; content:"GET"; http_method; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/refs/heads/main/java.exe"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356171/; classtype:trojan-activity;sid:84219271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356162)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/refs/heads/main/critscript.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356162/; classtype:trojan-activity;sid:84219262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356163)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/refs/heads/main/example_win32_dx11.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356163/; classtype:trojan-activity;sid:84219263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356161)"; flow:established,from_client; content:"GET"; http_method; content:"/cctv-security/rev/refs/heads/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356161/; classtype:trojan-activity;sid:84219261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356159)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/spectrum/refs/heads/main/spectrum.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356159/; classtype:trojan-activity;sid:84219259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356157)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/erth/refs/heads/main/wenzcord.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356157/; classtype:trojan-activity;sid:84219257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356156)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/refs/heads/main/svhost.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356156/; classtype:trojan-activity;sid:84219256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356145)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/refs/heads/main/fast%20download.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356145/; classtype:trojan-activity;sid:84219245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356146)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/refs/heads/main/sentil.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356146/; classtype:trojan-activity;sid:84219246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356147)"; flow:established,from_client; content:"GET"; http_method; content:"/raz233/rgdgdrg/refs/heads/main/client.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356147/; classtype:trojan-activity;sid:84219247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356148)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedk97/xwqd21waddqwdv/refs/heads/main/server.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356148/; classtype:trojan-activity;sid:84219248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356137)"; flow:established,from_client; content:"GET"; http_method; content:"/sleepysnz/skibidi/refs/heads/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356137/; classtype:trojan-activity;sid:84219237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356138)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/refs/heads/main/installer.exe.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356138/; classtype:trojan-activity;sid:84219238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356140)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/refs/heads/main/testme.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356140/; classtype:trojan-activity;sid:84219240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356142)"; flow:established,from_client; content:"GET"; http_method; content:"/unix-cmd/dev/refs/heads/main/installer.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356142/; classtype:trojan-activity;sid:84219242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356143)"; flow:established,from_client; content:"GET"; http_method; content:"/cctv-security/rev/main/client-built.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356143/; classtype:trojan-activity;sid:84219243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356135)"; flow:established,from_client; content:"GET"; http_method; content:"/monkey958/sdasd/refs/heads/main/856.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356135/; classtype:trojan-activity;sid:84219235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356136)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/refs/heads/main/runtimebroker.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356136/; classtype:trojan-activity;sid:84219236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356134)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0xylife/asyncrat/refs/heads/main/asyncrat_09.02.2022.txt"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356134/; classtype:trojan-activity;sid:84219234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356133)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/refs/heads/main/444.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356133/; classtype:trojan-activity;sid:84219233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356132)"; flow:established,from_client; content:"GET"; http_method; content:"/impar0/tryyy/refs/heads/main/client.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356132/; classtype:trojan-activity;sid:84219232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356127)"; flow:established,from_client; content:"GET"; http_method; content:"/krevedko3221/porno/refs/heads/main/mos%20ssssttttt.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356127/; classtype:trojan-activity;sid:84219227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356128)"; flow:established,from_client; content:"GET"; http_method; content:"/h4ck3dv0d4/terminal-test/refs/heads/main/terminal_9235.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356128/; classtype:trojan-activity;sid:84219228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356129)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/refs/heads/main/server1.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356129/; classtype:trojan-activity;sid:84219229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356131)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/refs/heads/main/microsoft_hardware_launch.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356131/; classtype:trojan-activity;sid:84219231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356121)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356121/; classtype:trojan-activity;sid:84219221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356122)"; flow:established,from_client; content:"GET"; http_method; content:"/nxrecxxil/syndicate/refs/heads/main/main.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356122/; classtype:trojan-activity;sid:84219222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356124)"; flow:established,from_client; content:"GET"; http_method; content:"/paketpk/trojan/refs/heads/main/njsilent.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356124/; classtype:trojan-activity;sid:84219224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356125)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/refs/heads/main/aaa%20(3).exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356125/; classtype:trojan-activity;sid:84219225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356117)"; flow:established,from_client; content:"GET"; http_method; content:"/toxicxz/fnaf-1/refs/heads/main/fusca%20game.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356117/; classtype:trojan-activity;sid:84219217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356118)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/refs/heads/main/powerrat.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356118/; classtype:trojan-activity;sid:84219218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356112)"; flow:established,from_client; content:"GET"; http_method; content:"/krishnatherock9673/krishna22/refs/heads/main/krishna33.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356112/; classtype:trojan-activity;sid:84219212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.150.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356043/; classtype:trojan-activity;sid:84219143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3354003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"172.73.72.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3354003/; classtype:trojan-activity;sid:84217103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.127.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353968/; classtype:trojan-activity;sid:84217068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353957)"; flow:established,from_client; content:"GET"; http_method; content:"/rookievip/xx/main/loader.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353957/; classtype:trojan-activity;sid:84217057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353607)"; flow:established,from_client; content:"GET"; http_method; content:"/d/s44"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353607/; classtype:trojan-activity;sid:84216707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353567)"; flow:established,from_client; content:"GET"; http_method; content:"/d/r44"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353567/; classtype:trojan-activity;sid:84216667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353415)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/refs/heads/main/benpolatalemdar.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353415/; classtype:trojan-activity;sid:84216515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353411)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/refs/heads/main/built.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353411/; classtype:trojan-activity;sid:84216511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353407)"; flow:established,from_client; content:"GET"; http_method; content:"/faokun1/aaa/refs/heads/main/client-built.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353407/; classtype:trojan-activity;sid:84216507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353404)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/refs/heads/main/perviy.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353404/; classtype:trojan-activity;sid:84216504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353403)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/prueba.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353403/; classtype:trojan-activity;sid:84216503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353402)"; flow:established,from_client; content:"GET"; http_method; content:"/iamgelogger233/imagelogger/refs/heads/main/imagelogger.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353402/; classtype:trojan-activity;sid:84216502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353397)"; flow:established,from_client; content:"GET"; http_method; content:"/lohoainam/-at/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353397/; classtype:trojan-activity;sid:84216497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353398)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/refs/heads/main/vtoroy.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353398/; classtype:trojan-activity;sid:84216498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353396)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/refs/heads/main/evetbeta.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353396/; classtype:trojan-activity;sid:84216496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353393)"; flow:established,from_client; content:"GET"; http_method; content:"/quas_brout_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353393/; classtype:trojan-activity;sid:84216493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353381)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353381/; classtype:trojan-activity;sid:84216481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353382)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/refs/heads/main/client-built-playit.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353382/; classtype:trojan-activity;sid:84216482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353380)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/refs/heads/main/client-built.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353380/; classtype:trojan-activity;sid:84216480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353372)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/refs/heads/main/shellcode.bin"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353372/; classtype:trojan-activity;sid:84216472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353374)"; flow:established,from_client; content:"GET"; http_method; content:"/aavaahanan121/tools/refs/heads/main/kali_tools.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353374/; classtype:trojan-activity;sid:84216474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353363)"; flow:established,from_client; content:"GET"; http_method; content:"/videoxfrx/crealstealer/refs/heads/main/creal.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353363/; classtype:trojan-activity;sid:84216463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353358)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/main/shell.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353358/; classtype:trojan-activity;sid:84216458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353360)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/refs/heads/main/shell.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353360/; classtype:trojan-activity;sid:84216460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353354)"; flow:established,from_client; content:"GET"; http_method; content:"/aavaahanan121/tools/refs/heads/main/fern_wifi_recon%252.34.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353354/; classtype:trojan-activity;sid:84216454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353355)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/refs/heads/main/asyncclient.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353355/; classtype:trojan-activity;sid:84216455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353352)"; flow:established,from_client; content:"GET"; http_method; content:"/quas_autre_ncrypt.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353352/; classtype:trojan-activity;sid:84216452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353347)"; flow:established,from_client; content:"GET"; http_method; content:"/tiraundercode/rev/raw/main/client-built.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353347/; classtype:trojan-activity;sid:84216447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353348)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/raw/refs/heads/main/powerrat.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353348/; classtype:trojan-activity;sid:84216448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353349)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/js/info2r.txt/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"188.81.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353349/; classtype:trojan-activity;sid:84216449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353332)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/raw/main/shell.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353332/; classtype:trojan-activity;sid:84216432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353333)"; flow:established,from_client; content:"GET"; http_method; content:"/dlc_update.data"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353333/; classtype:trojan-activity;sid:84216433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353330)"; flow:established,from_client; content:"GET"; http_method; content:"/ducminh23/ddosv1/refs/heads/main/ddosziller.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353330/; classtype:trojan-activity;sid:84216430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353320)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/refs/heads/main/asyncclient.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353320/; classtype:trojan-activity;sid:84216420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353319)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/exe/refs/heads/main/solara_protect.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353319/; classtype:trojan-activity;sid:84216419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353318)"; flow:established,from_client; content:"GET"; http_method; content:"/tacvip/file3.mentah"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353318/; classtype:trojan-activity;sid:84216418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353317)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/file3.mentah"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353317/; classtype:trojan-activity;sid:84216417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353316)"; flow:established,from_client; content:"GET"; http_method; content:"/senju/senju_simple_vp.rar"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353316/; classtype:trojan-activity;sid:84216416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353314)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/n5hl9mgl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353314/; classtype:trojan-activity;sid:84216414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353315)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353315/; classtype:trojan-activity;sid:84216415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353312)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jwnv23gb.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353312/; classtype:trojan-activity;sid:84216412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353309)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/file3.mentah"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353309/; classtype:trojan-activity;sid:84216409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353307)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/refs/heads/main/njrat%20dangerous.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353307/; classtype:trojan-activity;sid:84216407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353304)"; flow:established,from_client; content:"GET"; http_method; content:"/koala/injek3.mentah"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353304/; classtype:trojan-activity;sid:84216404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353306)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted_uclient.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353306/; classtype:trojan-activity;sid:84216406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353300)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/simple3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353300/; classtype:trojan-activity;sid:84216400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353301)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/injeksimple3.mentah"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353301/; classtype:trojan-activity;sid:84216401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353303)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/file3.mentah"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353303/; classtype:trojan-activity;sid:84216403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353297)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/vvipejy_hard_vp.rar"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353297/; classtype:trojan-activity;sid:84216397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353299)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/file3.mentah"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353299/; classtype:trojan-activity;sid:84216399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353294)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injekkey.mentah"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353294/; classtype:trojan-activity;sid:84216394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353295)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/simple3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353295/; classtype:trojan-activity;sid:84216395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353285)"; flow:established,from_client; content:"GET"; http_method; content:"/tacvip/injek3.mentah"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353285/; classtype:trojan-activity;sid:84216385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353286)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353286/; classtype:trojan-activity;sid:84216386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353287)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353287/; classtype:trojan-activity;sid:84216387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353288)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/injeksimple3.mentah"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353288/; classtype:trojan-activity;sid:84216388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353289)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injek3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353289/; classtype:trojan-activity;sid:84216389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353290)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/injek3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353290/; classtype:trojan-activity;sid:84216390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353291)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/vvipejy_simple_vp.rar"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353291/; classtype:trojan-activity;sid:84216391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353292)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/simple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353292/; classtype:trojan-activity;sid:84216392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353293)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/simple3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353293/; classtype:trojan-activity;sid:84216393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353284)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353284/; classtype:trojan-activity;sid:84216384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353280)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353280/; classtype:trojan-activity;sid:84216380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353281)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/injek3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353281/; classtype:trojan-activity;sid:84216381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353282)"; flow:established,from_client; content:"GET"; http_method; content:"/e991/injeksimple3.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353282/; classtype:trojan-activity;sid:84216382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353283)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353283/; classtype:trojan-activity;sid:84216383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353277)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alex12344.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353277/; classtype:trojan-activity;sid:84216377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353278)"; flow:established,from_client; content:"GET"; http_method; content:"/xnn/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353278/; classtype:trojan-activity;sid:84216378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353275)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/injeksimple3.mentah"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353275/; classtype:trojan-activity;sid:84216375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353271)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injeksimple3.mentah"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353271/; classtype:trojan-activity;sid:84216371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353266)"; flow:established,from_client; content:"GET"; http_method; content:"/chromedriver.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353266/; classtype:trojan-activity;sid:84216366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353265)"; flow:established,from_client; content:"GET"; http_method; content:"/libccc.zip.tar"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353265/; classtype:trojan-activity;sid:84216365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353264)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353264/; classtype:trojan-activity;sid:84216364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353262)"; flow:established,from_client; content:"GET"; http_method; content:"/vmpwn.7z"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353262/; classtype:trojan-activity;sid:84216362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353261)"; flow:established,from_client; content:"GET"; http_method; content:"/without_hook.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353261/; classtype:trojan-activity;sid:84216361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353260)"; flow:established,from_client; content:"GET"; http_method; content:"/tinynote.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353260/; classtype:trojan-activity;sid:84216360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353257)"; flow:established,from_client; content:"GET"; http_method; content:"/ez_kiwi.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353257/; classtype:trojan-activity;sid:84216357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353253)"; flow:established,from_client; content:"GET"; http_method; content:"/musl-dbgsym_1.2.2-1_amd64.ddeb"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353253/; classtype:trojan-activity;sid:84216353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353255)"; flow:established,from_client; content:"GET"; http_method; content:"/pig.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353255/; classtype:trojan-activity;sid:84216355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353256)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353256/; classtype:trojan-activity;sid:84216356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353250/; classtype:trojan-activity;sid:84216350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353251)"; flow:established,from_client; content:"GET"; http_method; content:"/master.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353251/; classtype:trojan-activity;sid:84216351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353242/; classtype:trojan-activity;sid:84216342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353243/; classtype:trojan-activity;sid:84216343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_2.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353244/; classtype:trojan-activity;sid:84216344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353245)"; flow:established,from_client; content:"GET"; http_method; content:"/gold.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hardcore-cartwright.194-26-192-76.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353245/; classtype:trojan-activity;sid:84216345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353246)"; flow:established,from_client; content:"GET"; http_method; content:"//google.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353246/; classtype:trojan-activity;sid:84216346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353247)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.38.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353247/; classtype:trojan-activity;sid:84216347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353249)"; flow:established,from_client; content:"GET"; http_method; content:"/nan_brout_ncrypt.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"93.176.52.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353249/; classtype:trojan-activity;sid:84216349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353237)"; flow:established,from_client; content:"GET"; http_method; content:"/out-encryptedscript.ps1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353237/; classtype:trojan-activity;sid:84216337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.upx.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353238/; classtype:trojan-activity;sid:84216338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353234/; classtype:trojan-activity;sid:84216334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353235/; classtype:trojan-activity;sid:84216335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353231)"; flow:established,from_client; content:"GET"; http_method; content:"/sup.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353231/; classtype:trojan-activity;sid:84216331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353227)"; flow:established,from_client; content:"GET"; http_method; content:"/ez_kiwi"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353227/; classtype:trojan-activity;sid:84216327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353214)"; flow:established,from_client; content:"GET"; http_method; content:"/sys.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353214/; classtype:trojan-activity;sid:84216314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353215)"; flow:established,from_client; content:"GET"; http_method; content:"/1010-duck-01.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353215/; classtype:trojan-activity;sid:84216315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353216)"; flow:established,from_client; content:"GET"; http_method; content:"//chromesetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353216/; classtype:trojan-activity;sid:84216316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353212)"; flow:established,from_client; content:"GET"; http_method; content:"/oldxteam.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hardcore-cartwright.194-26-192-76.plesk.page"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353212/; classtype:trojan-activity;sid:84216312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353206)"; flow:established,from_client; content:"GET"; http_method; content:"/e991/injek3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353206/; classtype:trojan-activity;sid:84216306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353208)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353208/; classtype:trojan-activity;sid:84216308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353209)"; flow:established,from_client; content:"GET"; http_method; content:"/beetle/17.11.21/tools/run.hta"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"update.drp.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353209/; classtype:trojan-activity;sid:84216309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353199)"; flow:established,from_client; content:"GET"; http_method; content:"/unicorn-2.0.0rc7.dist-info/record"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353199/; classtype:trojan-activity;sid:84216299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353189/; classtype:trojan-activity;sid:84216289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353190/; classtype:trojan-activity;sid:84216290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353191)"; flow:established,from_client; content:"GET"; http_method; content:"/elf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353191/; classtype:trojan-activity;sid:84216291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353192/; classtype:trojan-activity;sid:84216292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353176)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%af%be%e4%bb%b6-%e7%ac%ac6%e8%af%be%e6%97%b6-910%e7%ab%a0%e8%8a%82.pptx"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353176/; classtype:trojan-activity;sid:84216276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353175)"; flow:established,from_client; content:"GET"; http_method; content:"/2022%e7%bd%91%e9%bc%8e%e6%9d%af%e5%8d%8a%e5%86%b3%e8%b5%9b.7z"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353175/; classtype:trojan-activity;sid:84216275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353174)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%89%af%e6%9c%ac21.3%e8%93%9d%e9%98%9f%e6%8a%a4%e7%bd%91%e9%9d%a2%e8%af%95%e8%b5%84%e6%96%99210303.xlsx"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353174/; classtype:trojan-activity;sid:84216274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353123)"; flow:established,from_client; content:"GET"; http_method; content:"/cqhack/ddos-script/refs/heads/master/cqhack.pl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353123/; classtype:trojan-activity;sid:84216223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352828)"; flow:established,from_client; content:"GET"; http_method; content:"/c9ul"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352828/; classtype:trojan-activity;sid:84215928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352821)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352821/; classtype:trojan-activity;sid:84215921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352586)"; flow:established,from_client; content:"GET"; http_method; content:"/comitheicon/volatus0.5/refs/heads/main/volatus0.5.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352586/; classtype:trojan-activity;sid:84215686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352462)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.37.34.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352462/; classtype:trojan-activity;sid:84215562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352442)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.94.63.197"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352442/; classtype:trojan-activity;sid:84215542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352351)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/refs/heads/main/m.ps1"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352351/; classtype:trojan-activity;sid:84215451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352307)"; flow:established,from_client; content:"GET"; http_method; content:"/236236236"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352307/; classtype:trojan-activity;sid:84215407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352290)"; flow:established,from_client; content:"GET"; http_method; content:"/754468"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352290/; classtype:trojan-activity;sid:84215390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352182)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/roblox.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352182/; classtype:trojan-activity;sid:84215282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352180)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352180/; classtype:trojan-activity;sid:84215280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352178)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/sintv.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352178/; classtype:trojan-activity;sid:84215278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352179)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/sintv.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352179/; classtype:trojan-activity;sid:84215279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352176)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jsawdtyjde.exe|3f|b"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352176/; classtype:trojan-activity;sid:84215276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352177)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/cred64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352177/; classtype:trojan-activity;sid:84215277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352174)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/goldlummaa.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352174/; classtype:trojan-activity;sid:84215274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352175)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/goldlummaa.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352175/; classtype:trojan-activity;sid:84215275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351962)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/raw/refs/heads/main/armv7l"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351962/; classtype:trojan-activity;sid:84215062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351945)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/raw/refs/heads/main/mipsel"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351945/; classtype:trojan-activity;sid:84215045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351950)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/raw/refs/heads/main/mips"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351950/; classtype:trojan-activity;sid:84215050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351954)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/mipsel"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351954/; classtype:trojan-activity;sid:84215054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351956)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/sh4"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351956/; classtype:trojan-activity;sid:84215056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351957)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/raw/refs/heads/main/x86_64"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351957/; classtype:trojan-activity;sid:84215057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351959)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/powerpc"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351959/; classtype:trojan-activity;sid:84215059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351932)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12jgde-soib4liipbdhs55vkz7ek8_ua6"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351932/; classtype:trojan-activity;sid:84215032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351928)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/armv5l"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351928/; classtype:trojan-activity;sid:84215028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351930)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/x86_32"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351930/; classtype:trojan-activity;sid:84215030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351925)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/i586"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351925/; classtype:trojan-activity;sid:84215025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351926)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/arm7"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351926/; classtype:trojan-activity;sid:84215026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351923)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/armv4l"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351923/; classtype:trojan-activity;sid:84215023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351918)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/m68k"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351918/; classtype:trojan-activity;sid:84215018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351912)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/mpsl"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351912/; classtype:trojan-activity;sid:84215012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351897)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/armv6l"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351897/; classtype:trojan-activity;sid:84214997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351899)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/mips"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351899/; classtype:trojan-activity;sid:84214999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351902)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/x86_64"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351902/; classtype:trojan-activity;sid:84215002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351888)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/arm6"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351888/; classtype:trojan-activity;sid:84214988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351892)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/arm"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351892/; classtype:trojan-activity;sid:84214992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351893)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/arm5"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351893/; classtype:trojan-activity;sid:84214993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351883)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/m68k"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351883/; classtype:trojan-activity;sid:84214983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351886)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/raw/refs/heads/main/armv7l"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351886/; classtype:trojan-activity;sid:84214986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351887)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/sh4"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351887/; classtype:trojan-activity;sid:84214987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351881)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/refs/heads/main/mips"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351881/; classtype:trojan-activity;sid:84214981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351859)"; flow:established,from_client; content:"GET"; http_method; content:"/felikzig/wdt/raw/refs/heads/main/collosalloader.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351859/; classtype:trojan-activity;sid:84214959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351829)"; flow:established,from_client; content:"GET"; http_method; content:"/jn.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"misljen.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351829/; classtype:trojan-activity;sid:84214929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351831)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/raw/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351831/; classtype:trojan-activity;sid:84214931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351818)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/discord/raw/refs/heads/main/client-built.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351818/; classtype:trojan-activity;sid:84214918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351820)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/raw/refs/heads/main/client-built.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351820/; classtype:trojan-activity;sid:84214920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351826)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/raw/refs/heads/main/client-built-playit.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351826/; classtype:trojan-activity;sid:84214926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351816)"; flow:established,from_client; content:"GET"; http_method; content:"/faokun1/aaa/raw/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351816/; classtype:trojan-activity;sid:84214916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351813)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/raw/refs/heads/main/amogus.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351813/; classtype:trojan-activity;sid:84214913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351810)"; flow:established,from_client; content:"GET"; http_method; content:"/videoxfrx/crealstealer/raw/refs/heads/main/creal.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351810/; classtype:trojan-activity;sid:84214910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351809)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/raw/refs/heads/main/built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351809/; classtype:trojan-activity;sid:84214909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351808)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/raw/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351808/; classtype:trojan-activity;sid:84214908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351803)"; flow:established,from_client; content:"GET"; http_method; content:"/m4hvh2/dwadwa/raw/refs/heads/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351803/; classtype:trojan-activity;sid:84214903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.73.72.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351720/; classtype:trojan-activity;sid:84214820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351486)"; flow:established,from_client; content:"GET"; http_method; content:"/unix-cmd/dev/raw/refs/heads/main/installer.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351486/; classtype:trojan-activity;sid:84214586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351478)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/raw/refs/heads/main/ifiinms.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351478/; classtype:trojan-activity;sid:84214578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351479)"; flow:established,from_client; content:"GET"; http_method; content:"/aspdasdksa2/callback/raw/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351479/; classtype:trojan-activity;sid:84214579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351477)"; flow:established,from_client; content:"GET"; http_method; content:"/fsabxh/sfdawsdawdaw/raw/refs/heads/main/serials_checker.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351477/; classtype:trojan-activity;sid:84214577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351473)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/rcf_omfnorh.txt"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351473/; classtype:trojan-activity;sid:84214573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351474)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/raw/refs/heads/main/installer.exe.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351474/; classtype:trojan-activity;sid:84214574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351469)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/raw/refs/heads/main/microsoft_hardware_launch.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351469/; classtype:trojan-activity;sid:84214569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351470)"; flow:established,from_client; content:"GET"; http_method; content:"/sesafvr/ayo/raw/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351470/; classtype:trojan-activity;sid:84214570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351471)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/raw/refs/heads/main/example_win32_dx11.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351471/; classtype:trojan-activity;sid:84214571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351464)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/domcfbs.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351464/; classtype:trojan-activity;sid:84214564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351465)"; flow:established,from_client; content:"GET"; http_method; content:"/jackedmicheal/ccenty/raw/refs/heads/main/crspoof.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351465/; classtype:trojan-activity;sid:84214565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351466)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidisigmer/fncleanerv2/raw/refs/heads/main/cleanerv2.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351466/; classtype:trojan-activity;sid:84214566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351462)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/raw/refs/heads/main/server1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351462/; classtype:trojan-activity;sid:84214562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351460)"; flow:established,from_client; content:"GET"; http_method; content:"/paketpk/trojan/raw/refs/heads/main/njsilent.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351460/; classtype:trojan-activity;sid:84214560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351459)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/dwdwadwa/raw/refs/heads/main/client-built.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351459/; classtype:trojan-activity;sid:84214559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351458)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/raw/refs/heads/main/svhost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351458/; classtype:trojan-activity;sid:84214558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351454)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/apfjrdf.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351454/; classtype:trojan-activity;sid:84214554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351451)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/raw/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351451/; classtype:trojan-activity;sid:84214551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351448)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/xxdici"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351448/; classtype:trojan-activity;sid:84214548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351445)"; flow:established,from_client; content:"GET"; http_method; content:"/bormasina/test/raw/refs/heads/main/defender64.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351445/; classtype:trojan-activity;sid:84214545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351444)"; flow:established,from_client; content:"GET"; http_method; content:"/fhebngndsg/thefunny/raw/refs/heads/main/client-built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351444/; classtype:trojan-activity;sid:84214544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351441)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedk97/xwqd21waddqwdv/raw/refs/heads/main/server.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351441/; classtype:trojan-activity;sid:84214541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351435)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/dic1"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351435/; classtype:trojan-activity;sid:84214535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351436)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/rcm_dcdedkd.txt"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351436/; classtype:trojan-activity;sid:84214536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351437)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/bkpmdom.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351437/; classtype:trojan-activity;sid:84214537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351438)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/raw/refs/heads/main/testme.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351438/; classtype:trojan-activity;sid:84214538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351439)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/iksjbpj.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351439/; classtype:trojan-activity;sid:84214539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351433)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/nov13"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351433/; classtype:trojan-activity;sid:84214533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351430)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351430/; classtype:trojan-activity;sid:84214530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351429)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/asy_dffaaep.txt"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351429/; classtype:trojan-activity;sid:84214529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351428)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/raw/refs/heads/main/444.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351428/; classtype:trojan-activity;sid:84214528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351422)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/raw/refs/heads/main/evetbeta.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351422/; classtype:trojan-activity;sid:84214522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351424)"; flow:established,from_client; content:"GET"; http_method; content:"/krevedko3221/porno/raw/refs/heads/main/mos%20ssssttttt.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351424/; classtype:trojan-activity;sid:84214524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351419)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/raw/refs/heads/main/benpolatalemdar.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351419/; classtype:trojan-activity;sid:84214519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351417)"; flow:established,from_client; content:"GET"; http_method; content:"/monkey958/sdasd/raw/refs/heads/main/856.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351417/; classtype:trojan-activity;sid:84214517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351414)"; flow:established,from_client; content:"GET"; http_method; content:"/nxrecxxil/syndicate/raw/refs/heads/main/main.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351414/; classtype:trojan-activity;sid:84214514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351411)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/erth/raw/refs/heads/main/wenzcord.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351411/; classtype:trojan-activity;sid:84214511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351413)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/xdci"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351413/; classtype:trojan-activity;sid:84214513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351407)"; flow:established,from_client; content:"GET"; http_method; content:"/biseo0/neue/raw/refs/heads/main/client-built.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351407/; classtype:trojan-activity;sid:84214507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351408)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351408/; classtype:trojan-activity;sid:84214508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351409)"; flow:established,from_client; content:"GET"; http_method; content:"/cctv-security/rev/raw/refs/heads/main/client-built.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351409/; classtype:trojan-activity;sid:84214509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351399)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/pasrem13.txt"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351399/; classtype:trojan-activity;sid:84214499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351400)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/about-me/raw/refs/heads/main/discord.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351400/; classtype:trojan-activity;sid:84214500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351401)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/araofkh.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351401/; classtype:trojan-activity;sid:84214501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351402)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/raw/refs/heads/main/sentil.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351402/; classtype:trojan-activity;sid:84214502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351397)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/oahinkn.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351397/; classtype:trojan-activity;sid:84214497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351396)"; flow:established,from_client; content:"GET"; http_method; content:"/mariolalo/myrec/raw/refs/heads/main/notallowedtocrypt.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351396/; classtype:trojan-activity;sid:84214496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351392)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/spectrum/raw/refs/heads/main/spectrum.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351392/; classtype:trojan-activity;sid:84214492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351389)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/krkmakc.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351389/; classtype:trojan-activity;sid:84214489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351390)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/xeno"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351390/; classtype:trojan-activity;sid:84214490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351391)"; flow:established,from_client; content:"GET"; http_method; content:"/unix-cmd/dev/raw/refs/heads/main/webhook.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351391/; classtype:trojan-activity;sid:84214491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351386)"; flow:established,from_client; content:"GET"; http_method; content:"/toxicxz/fnaf-1/raw/refs/heads/main/fusca%20game.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351386/; classtype:trojan-activity;sid:84214486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351383)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/raw/refs/heads/main/njrat.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351383/; classtype:trojan-activity;sid:84214483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351376)"; flow:established,from_client; content:"GET"; http_method; content:"/raz233/rgdgdrg/raw/refs/heads/main/client.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351376/; classtype:trojan-activity;sid:84214476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351377)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351377/; classtype:trojan-activity;sid:84214477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351379)"; flow:established,from_client; content:"GET"; http_method; content:"/trafunny/malware-file/raw/refs/heads/main/njrat.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351379/; classtype:trojan-activity;sid:84214479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351381)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/raw/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351381/; classtype:trojan-activity;sid:84214481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351382)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/xwmm_aakkhbm.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351382/; classtype:trojan-activity;sid:84214482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351375)"; flow:established,from_client; content:"GET"; http_method; content:"/impar0/tryyy/raw/refs/heads/main/client.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351375/; classtype:trojan-activity;sid:84214475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351369)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/fffaemf.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351369/; classtype:trojan-activity;sid:84214469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351363)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/bao.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351363/; classtype:trojan-activity;sid:84214463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351364)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/shellcode.bin"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351364/; classtype:trojan-activity;sid:84214464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351366)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/raw/refs/heads/main/aaa%20(3).exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351366/; classtype:trojan-activity;sid:84214466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351368)"; flow:established,from_client; content:"GET"; http_method; content:"/litrik002/venomrat-v6.0.3-source-/raw/refs/heads/main/server.properties.resources.resources"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351368/; classtype:trojan-activity;sid:84214468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351361)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/xclien.txt"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351361/; classtype:trojan-activity;sid:84214461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351362)"; flow:established,from_client; content:"GET"; http_method; content:"/lohoainam/-at/raw/refs/heads/main/xclient.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351362/; classtype:trojan-activity;sid:84214462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351359)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351359/; classtype:trojan-activity;sid:84214459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351355)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/igapsme.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351355/; classtype:trojan-activity;sid:84214455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351352)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/cool.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351352/; classtype:trojan-activity;sid:84214452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351353)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/101.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351353/; classtype:trojan-activity;sid:84214453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351350)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/raw/refs/heads/main/njrat%20dangerous.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351350/; classtype:trojan-activity;sid:84214450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351345)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/mor.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351345/; classtype:trojan-activity;sid:84214445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351341)"; flow:established,from_client; content:"GET"; http_method; content:"/zefordk/ikeya/raw/refs/heads/main/shellcode64.bin"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351341/; classtype:trojan-activity;sid:84214441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351344)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/play.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351344/; classtype:trojan-activity;sid:84214444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351340)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/11.bin"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351340/; classtype:trojan-activity;sid:84214440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351335)"; flow:established,from_client; content:"GET"; http_method; content:"/trafunny/malware-file/raw/refs/heads/main/crack.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351335/; classtype:trojan-activity;sid:84214435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351336)"; flow:established,from_client; content:"GET"; http_method; content:"/aavaahanan121/tools/raw/refs/heads/main/kali_tools.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351336/; classtype:trojan-activity;sid:84214436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351334)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/diciembre"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351334/; classtype:trojan-activity;sid:84214434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351332)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/doom.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351332/; classtype:trojan-activity;sid:84214432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351333)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/2.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351333/; classtype:trojan-activity;sid:84214433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351326)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/gpieisb.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351326/; classtype:trojan-activity;sid:84214426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351328)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/king.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351328/; classtype:trojan-activity;sid:84214428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351330)"; flow:established,from_client; content:"GET"; http_method; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/raw/refs/heads/main/java.exe"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351330/; classtype:trojan-activity;sid:84214430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351324)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/1.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351324/; classtype:trojan-activity;sid:84214424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351325)"; flow:established,from_client; content:"GET"; http_method; content:"/mis/datepicker/!help_sos.hta"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351325/; classtype:trojan-activity;sid:84214425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351321)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/key.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351321/; classtype:trojan-activity;sid:84214421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351320)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351320/; classtype:trojan-activity;sid:84214420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351319)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/raw/refs/heads/main/perviy.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351319/; classtype:trojan-activity;sid:84214419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351316)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/3.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351316/; classtype:trojan-activity;sid:84214416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351310)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/thong.bin"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351310/; classtype:trojan-activity;sid:84214410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351312)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/sil.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351312/; classtype:trojan-activity;sid:84214412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351304)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/jaadkfh.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351304/; classtype:trojan-activity;sid:84214404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351308)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/raw/refs/heads/main/vtoroy.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351308/; classtype:trojan-activity;sid:84214408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351301)"; flow:established,from_client; content:"GET"; http_method; content:"/h4ck3dv0d4/terminal-test/raw/refs/heads/main/terminal_9235.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351301/; classtype:trojan-activity;sid:84214401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351297)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/raw/refs/heads/main/shellcode.bin"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351297/; classtype:trojan-activity;sid:84214397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351294)"; flow:established,from_client; content:"GET"; http_method; content:"/krishnatherock9673/krishna22/raw/refs/heads/main/krishna33.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351294/; classtype:trojan-activity;sid:84214394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351290)"; flow:established,from_client; content:"GET"; http_method; content:"/jackedmicheal/ccenty/raw/refs/heads/main/crspoofer.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351290/; classtype:trojan-activity;sid:84214390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351287)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/raw/refs/heads/main/rmspas.txt"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351287/; classtype:trojan-activity;sid:84214387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351285)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/raw/refs/heads/main/rooahio.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351285/; classtype:trojan-activity;sid:84214385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351280)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/mera.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351280/; classtype:trojan-activity;sid:84214380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351268)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/refs/heads/main/myone.bin"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351268/; classtype:trojan-activity;sid:84214368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351269)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/raw/refs/heads/main/tretiy.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351269/; classtype:trojan-activity;sid:84214369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351270)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/exe/raw/refs/heads/main/solara_protect.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351270/; classtype:trojan-activity;sid:84214370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351271)"; flow:established,from_client; content:"GET"; http_method; content:"/aavaahanan121/tools/raw/refs/heads/main/fern_wifi_recon%252.34.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351271/; classtype:trojan-activity;sid:84214371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351272)"; flow:established,from_client; content:"GET"; http_method; content:"/ducminh23/ddosv1/raw/refs/heads/main/ddosziller.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351272/; classtype:trojan-activity;sid:84214372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351273)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/raw/refs/heads/main/shell.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351273/; classtype:trojan-activity;sid:84214373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351275)"; flow:established,from_client; content:"GET"; http_method; content:"/iamgelogger233/imagelogger/raw/refs/heads/main/imagelogger.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351275/; classtype:trojan-activity;sid:84214375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351259)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/raw/refs/heads/main/shellcode.bin"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351259/; classtype:trojan-activity;sid:84214359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351256)"; flow:established,from_client; content:"GET"; http_method; content:"/mis/calendar/_notes/!help_sos.hta"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351256/; classtype:trojan-activity;sid:84214356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351249)"; flow:established,from_client; content:"GET"; http_method; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/raw/refs/heads/main/java32.exe"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351249/; classtype:trojan-activity;sid:84214349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351247)"; flow:established,from_client; content:"GET"; http_method; content:"/endity123/fivem-spoofer/raw/refs/heads/main/reaper%20cfx%20spoofer%20v2.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351247/; classtype:trojan-activity;sid:84214347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351246)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/raw/refs/heads/main/asyncclient.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351246/; classtype:trojan-activity;sid:84214346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.59.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_15; reference:url, urlhaus.abuse.ch/url/3349512/; classtype:trojan-activity;sid:84212612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.205.55.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3348857/; classtype:trojan-activity;sid:84211957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348217)"; flow:established,from_client; content:"GET"; http_method; content:"/attatier/cloud/main/testexe.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348217/; classtype:trojan-activity;sid:84211317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.129.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348193/; classtype:trojan-activity;sid:84211293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347923)"; flow:established,from_client; content:"GET"; http_method; content:"/buihuyduc123/duccbotnet/main/system32.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347923/; classtype:trojan-activity;sid:84211023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347919)"; flow:established,from_client; content:"GET"; http_method; content:"/bublegumle/system32.exe/raw/refs/heads/master/system32.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347919/; classtype:trojan-activity;sid:84211019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347918)"; flow:established,from_client; content:"GET"; http_method; content:"/booombiimbamm/mods/main/system32.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347918/; classtype:trojan-activity;sid:84211018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347708)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.156.64.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347708/; classtype:trojan-activity;sid:84210808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347683)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.40.253.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347683/; classtype:trojan-activity;sid:84210783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp.elf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347438/; classtype:trojan-activity;sid:84210538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347432)"; flow:established,from_client; content:"GET"; http_method; content:"/temp.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347432/; classtype:trojan-activity;sid:84210532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp5.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347422/; classtype:trojan-activity;sid:84210522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347423)"; flow:established,from_client; content:"GET"; http_method; content:"/reverse.elf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347423/; classtype:trojan-activity;sid:84210523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp1.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347424/; classtype:trojan-activity;sid:84210524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp4.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347425/; classtype:trojan-activity;sid:84210525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347426/; classtype:trojan-activity;sid:84210526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347317)"; flow:established,from_client; content:"GET"; http_method; content:"/download/neofreesetup.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"download.emailorganizer.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347317/; classtype:trojan-activity;sid:84210417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347311)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/sqlite3.dll|3f|e/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347311/; classtype:trojan-activity;sid:84210411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347309)"; flow:established,from_client; content:"GET"; http_method; content:"/download/trackyoursentolsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"download.emailorganizer.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347309/; classtype:trojan-activity;sid:84210409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347308)"; flow:established,from_client; content:"GET"; http_method; content:"/component/vc2005sp1redist_x86.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"windriversfiles.imeitools.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347308/; classtype:trojan-activity;sid:84210408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346530)"; flow:established,from_client; content:"GET"; http_method; content:"/whoafg/problemonfmech/refs/heads/main/client.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346530/; classtype:trojan-activity;sid:84209630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346526)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/l4.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346526/; classtype:trojan-activity;sid:84209626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346508)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dynpvoy.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346508/; classtype:trojan-activity;sid:84209608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346511)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/networkmanager.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346511/; classtype:trojan-activity;sid:84209611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346515)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/l4.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346515/; classtype:trojan-activity;sid:84209615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346497)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dynpvoy.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346497/; classtype:trojan-activity;sid:84209597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346491)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rmx.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346491/; classtype:trojan-activity;sid:84209591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346487)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/chrome11.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346487/; classtype:trojan-activity;sid:84209587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346475)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/networkmanager.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346475/; classtype:trojan-activity;sid:84209575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346469)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alexshlu.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346469/; classtype:trojan-activity;sid:84209569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346465)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jsawdtyjde.exe|3f|b"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346465/; classtype:trojan-activity;sid:84209565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346467)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alexshlu.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346467/; classtype:trojan-activity;sid:84209567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346077)"; flow:established,from_client; content:"GET"; http_method; content:"/ronaldorsantana/ronaldo/refs/heads/main/boleto.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346077/; classtype:trojan-activity;sid:84209177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346076)"; flow:established,from_client; content:"GET"; http_method; content:"/ronaldorsantana/ronaldo/raw/refs/heads/main/boleto.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346076/; classtype:trojan-activity;sid:84209176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346052)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/sqlite3.dll|3f|e"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346052/; classtype:trojan-activity;sid:84209152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346027)"; flow:established,from_client; content:"GET"; http_method; content:"/jy.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"jrqh-hk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346027/; classtype:trojan-activity;sid:84209127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346026)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/41a1111.hta"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346026/; classtype:trojan-activity;sid:84209126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346020)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/refs/heads/main/testingfile.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346020/; classtype:trojan-activity;sid:84209120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346000)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/raw/refs/heads/main/testingfile.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346000/; classtype:trojan-activity;sid:84209100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345993)"; flow:established,from_client; content:"GET"; http_method; content:"/dune64.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sporcketngearforu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345993/; classtype:trojan-activity;sid:84209093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.88.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3345678/; classtype:trojan-activity;sid:84208778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345289)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.180.176.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345289/; classtype:trojan-activity;sid:84208389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345094)"; flow:established,from_client; content:"GET"; http_method; content:"/download/neofindsetup.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"download.emailorganizer.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345094/; classtype:trojan-activity;sid:84208194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345092)"; flow:established,from_client; content:"GET"; http_method; content:"/isnackycracky/keepassrdp/releases/latest/download/keepassrdp_v2.2.2.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345092/; classtype:trojan-activity;sid:84208192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345089)"; flow:established,from_client; content:"GET"; http_method; content:"/n00b69/woasetup/releases/download/installers/dxwebsetup.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345089/; classtype:trojan-activity;sid:84208189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345087)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rmx.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345087/; classtype:trojan-activity;sid:84208187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345074)"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin/themes/darkblue_orange/img/!help_sos.hta"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345074/; classtype:trojan-activity;sid:84208174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345075)"; flow:established,from_client; content:"GET"; http_method; content:"/dune64.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.sporcketngearforu.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345075/; classtype:trojan-activity;sid:84208175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345076)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345076/; classtype:trojan-activity;sid:84208176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345062)"; flow:established,from_client; content:"GET"; http_method; content:"/ys558pd/start.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"device.redirec.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345062/; classtype:trojan-activity;sid:84208162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345064)"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin/themes/darkblue_orange/!help_sos.hta"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"202.29.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345064/; classtype:trojan-activity;sid:84208164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.91.153.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3344719/; classtype:trojan-activity;sid:84207819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340440)"; flow:established,from_client; content:"GET"; http_method; content:"/dis3j/wagnerhook/releases/download/release/loader.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340440/; classtype:trojan-activity;sid:84203540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340424)"; flow:established,from_client; content:"GET"; http_method; content:"/stressedb/redengine/refs/heads/main/loader.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340424/; classtype:trojan-activity;sid:84203524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340399)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/xbest%20v1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340399/; classtype:trojan-activity;sid:84203499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340398)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/complexo%20v4.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340398/; classtype:trojan-activity;sid:84203498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340395)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/box3d.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340395/; classtype:trojan-activity;sid:84203495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340396)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/lkwan.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340396/; classtype:trojan-activity;sid:84203496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340397)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/flunix9.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340397/; classtype:trojan-activity;sid:84203497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340392)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/elzhas%20pannel.dll"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340392/; classtype:trojan-activity;sid:84203492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340393)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/morovip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340393/; classtype:trojan-activity;sid:84203493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340394)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/hazaxd.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340394/; classtype:trojan-activity;sid:84203494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340391)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/xbest.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340391/; classtype:trojan-activity;sid:84203491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340390)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/blue_and_white.dll"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340390/; classtype:trojan-activity;sid:84203490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340363)"; flow:established,from_client; content:"GET"; http_method; content:"/huuuuggga/aaaaa1/refs/heads/main/srtware.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340363/; classtype:trojan-activity;sid:84203463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340322)"; flow:established,from_client; content:"GET"; http_method; content:"/installer.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340322/; classtype:trojan-activity;sid:84203422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340031)"; flow:established,from_client; content:"GET"; http_method; content:"/htaaa.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mandarin.net.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340031/; classtype:trojan-activity;sid:84203131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340026)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/test-rat-do-not-download-exe/refs/heads/main/downloader.hta"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340026/; classtype:trojan-activity;sid:84203126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339297)"; flow:established,from_client; content:"GET"; http_method; content:"/vietnamplug.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ai-kling.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339297/; classtype:trojan-activity;sid:84202397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339296)"; flow:established,from_client; content:"GET"; http_method; content:"/vietnamplug.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ai-kling.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339296/; classtype:trojan-activity;sid:84202396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339266)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.125.133.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339266/; classtype:trojan-activity;sid:84202366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339269)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.52.16.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339269/; classtype:trojan-activity;sid:84202369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339264)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.23.51.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339264/; classtype:trojan-activity;sid:84202364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339257)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.6.14.187"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339257/; classtype:trojan-activity;sid:84202357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339250)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.166.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339250/; classtype:trojan-activity;sid:84202350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339252)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.136.225.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339252/; classtype:trojan-activity;sid:84202352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339253)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.147.142.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339253/; classtype:trojan-activity;sid:84202353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339245)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.138.107.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339245/; classtype:trojan-activity;sid:84202345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339247)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.125.133.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339247/; classtype:trojan-activity;sid:84202347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339249)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.121.71.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339249/; classtype:trojan-activity;sid:84202349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339241)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.23.51.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339241/; classtype:trojan-activity;sid:84202341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339238)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.245.244.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339238/; classtype:trojan-activity;sid:84202338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339239)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.211.187.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339239/; classtype:trojan-activity;sid:84202339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339240)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.233.95.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339240/; classtype:trojan-activity;sid:84202340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339236)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.15.137.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339236/; classtype:trojan-activity;sid:84202336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339226)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.223.44.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339226/; classtype:trojan-activity;sid:84202326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339227)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.236.0.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339227/; classtype:trojan-activity;sid:84202327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.232.133.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339229/; classtype:trojan-activity;sid:84202329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339230)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.12.157.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339230/; classtype:trojan-activity;sid:84202330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339234)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.147.222.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339234/; classtype:trojan-activity;sid:84202334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339220)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.101.230.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339220/; classtype:trojan-activity;sid:84202320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339221)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.93.83.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339221/; classtype:trojan-activity;sid:84202321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339222)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.43.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339222/; classtype:trojan-activity;sid:84202322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339209)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.96.1.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339209/; classtype:trojan-activity;sid:84202309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339202)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.34.205.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339202/; classtype:trojan-activity;sid:84202302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339206)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"159.148.48.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339206/; classtype:trojan-activity;sid:84202306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339200)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.165.170.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339200/; classtype:trojan-activity;sid:84202300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339193)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.115.101.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339193/; classtype:trojan-activity;sid:84202293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339185)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.2.14.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339185/; classtype:trojan-activity;sid:84202285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339186)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.206.205.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339186/; classtype:trojan-activity;sid:84202286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339182)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"210.208.104.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339182/; classtype:trojan-activity;sid:84202282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339177)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.236.129.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339177/; classtype:trojan-activity;sid:84202277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339168)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.110.204.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339168/; classtype:trojan-activity;sid:84202268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339169)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.151.185.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339169/; classtype:trojan-activity;sid:84202269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339171)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.57.125.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339171/; classtype:trojan-activity;sid:84202271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.37.126.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339165/; classtype:trojan-activity;sid:84202265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339161)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.220.123.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339161/; classtype:trojan-activity;sid:84202261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339156)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339156/; classtype:trojan-activity;sid:84202256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339157)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.148.113.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339157/; classtype:trojan-activity;sid:84202257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339152)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.191.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339152/; classtype:trojan-activity;sid:84202252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339147)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.254.186.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339147/; classtype:trojan-activity;sid:84202247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.162.140.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339142/; classtype:trojan-activity;sid:84202242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339140)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"163.182.13.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339140/; classtype:trojan-activity;sid:84202240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339133)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.186.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339133/; classtype:trojan-activity;sid:84202233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339118)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.218.189.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339118/; classtype:trojan-activity;sid:84202218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339120)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.136.195.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339120/; classtype:trojan-activity;sid:84202220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.216.107.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339121/; classtype:trojan-activity;sid:84202221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339124)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.87.31.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339124/; classtype:trojan-activity;sid:84202224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339127)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"173.178.94.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339127/; classtype:trojan-activity;sid:84202227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339116)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.179.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339116/; classtype:trojan-activity;sid:84202216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339114)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.78.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339114/; classtype:trojan-activity;sid:84202214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339115)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.121.71.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339115/; classtype:trojan-activity;sid:84202215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339111)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.121.195.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339111/; classtype:trojan-activity;sid:84202211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339106)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.43.6.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339106/; classtype:trojan-activity;sid:84202206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339109)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.84.39.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339109/; classtype:trojan-activity;sid:84202209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339093)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.205.84.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339093/; classtype:trojan-activity;sid:84202193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339095)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.146.11.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339095/; classtype:trojan-activity;sid:84202195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339097)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.117.240.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339097/; classtype:trojan-activity;sid:84202197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339098)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.72.199.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339098/; classtype:trojan-activity;sid:84202198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339099)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.233.95.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339099/; classtype:trojan-activity;sid:84202199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339100)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.125.133.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339100/; classtype:trojan-activity;sid:84202200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339103)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.160.146.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339103/; classtype:trojan-activity;sid:84202203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339084)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.85.166.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339084/; classtype:trojan-activity;sid:84202184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339086)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.121.33.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339086/; classtype:trojan-activity;sid:84202186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339082)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.209.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339082/; classtype:trojan-activity;sid:84202182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339075)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.121.71.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339075/; classtype:trojan-activity;sid:84202175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339076)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.121.71.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339076/; classtype:trojan-activity;sid:84202176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339065)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.158.158.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339065/; classtype:trojan-activity;sid:84202165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339061)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.153.52.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339061/; classtype:trojan-activity;sid:84202161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339019)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.106.152.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339019/; classtype:trojan-activity;sid:84202119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338963)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.24.38.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338963/; classtype:trojan-activity;sid:84202063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338967)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.62.69.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338967/; classtype:trojan-activity;sid:84202067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338948)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.104.22.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338948/; classtype:trojan-activity;sid:84202048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338920)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.114.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338920/; classtype:trojan-activity;sid:84202020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338918)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.35.228.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338918/; classtype:trojan-activity;sid:84202018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338906)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.41.89.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338906/; classtype:trojan-activity;sid:84202006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338860)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.98.194.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338860/; classtype:trojan-activity;sid:84201960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338843)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.100.63.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338843/; classtype:trojan-activity;sid:84201943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338813)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin2.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338813/; classtype:trojan-activity;sid:84201913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338810)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin1.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338810/; classtype:trojan-activity;sid:84201910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338811)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin2.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338811/; classtype:trojan-activity;sid:84201911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338812)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin1.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338812/; classtype:trojan-activity;sid:84201912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338758)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/raw/refs/heads/main/berekegift.apk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338758/; classtype:trojan-activity;sid:84201858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338727)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/k1de2zkz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338727/; classtype:trojan-activity;sid:84201827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338726)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/d8rb24m3.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338726/; classtype:trojan-activity;sid:84201826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338724)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lu4421.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338724/; classtype:trojan-activity;sid:84201824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338717)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lega.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338717/; classtype:trojan-activity;sid:84201817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338718)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/g9win6bb.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338718/; classtype:trojan-activity;sid:84201818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338719)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dmn6qzwr.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338719/; classtype:trojan-activity;sid:84201819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338722)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kxfh9qhs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338722/; classtype:trojan-activity;sid:84201822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338714)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/app.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338714/; classtype:trojan-activity;sid:84201814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338712)"; flow:established,from_client; content:"GET"; http_method; content:"/hostfile/taptin/game.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"update.volam2005pk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338712/; classtype:trojan-activity;sid:84201812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338708)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/set-up-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338708/; classtype:trojan-activity;sid:84201808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338706)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/main/mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338706/; classtype:trojan-activity;sid:84201806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338702)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/v_dolg.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338702/; classtype:trojan-activity;sid:84201802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338693)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/main/sh4"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338693/; classtype:trojan-activity;sid:84201793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338687)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/t8wl838w.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338687/; classtype:trojan-activity;sid:84201787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338675)"; flow:established,from_client; content:"GET"; http_method; content:"/rimase12/urika/raw/refs/heads/main/zeropersca.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338675/; classtype:trojan-activity;sid:84201775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338669)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/trru7rd2.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338669/; classtype:trojan-activity;sid:84201769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338668)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5hvzv2sl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338668/; classtype:trojan-activity;sid:84201768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338664)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/atleqqxo.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338664/; classtype:trojan-activity;sid:84201764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338655)"; flow:established,from_client; content:"GET"; http_method; content:"/hostfile/taptin/autoupdate.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"update.volam2005pk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338655/; classtype:trojan-activity;sid:84201755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338656)"; flow:established,from_client; content:"GET"; http_method; content:"/kabot/unix-privilege-escalation-exploits-pack/master/2012/vmsplice-local-root-exploit"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338656/; classtype:trojan-activity;sid:84201756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338653)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/nsoft.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338653/; classtype:trojan-activity;sid:84201753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338650)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bandwidthmonitor.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338650/; classtype:trojan-activity;sid:84201750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338644)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5hvzv2sl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338644/; classtype:trojan-activity;sid:84201744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338638)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin3.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338638/; classtype:trojan-activity;sid:84201738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338639)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alex2022.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338639/; classtype:trojan-activity;sid:84201739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338637)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/quzfesaq.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338637/; classtype:trojan-activity;sid:84201737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338635)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qpg08oli.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338635/; classtype:trojan-activity;sid:84201735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338633)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xmbld.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338633/; classtype:trojan-activity;sid:84201733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338631)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/d4cye08a.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338631/; classtype:trojan-activity;sid:84201731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338627)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xao8gh38.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338627/; classtype:trojan-activity;sid:84201727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338624)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alex2025.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338624/; classtype:trojan-activity;sid:84201724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338625)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/p4cof96p.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338625/; classtype:trojan-activity;sid:84201725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338623)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/r42aoop5.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338623/; classtype:trojan-activity;sid:84201723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338621)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/visagiftcardgen.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338621/; classtype:trojan-activity;sid:84201721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338620)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2kudv4ea.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338620/; classtype:trojan-activity;sid:84201720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338606)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/roblox1.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338606/; classtype:trojan-activity;sid:84201706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338599)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zk1b090h.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338599/; classtype:trojan-activity;sid:84201699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338591)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alex2025.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338591/; classtype:trojan-activity;sid:84201691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338590)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/szo0xbx8.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338590/; classtype:trojan-activity;sid:84201690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338581)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/alex2022.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338581/; classtype:trojan-activity;sid:84201681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338576)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1fxm3u0d.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338576/; classtype:trojan-activity;sid:84201676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338573)"; flow:established,from_client; content:"GET"; http_method; content:"/test/am209.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338573/; classtype:trojan-activity;sid:84201673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338572)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2v6wf6kn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338572/; classtype:trojan-activity;sid:84201672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338570)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.36.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338570/; classtype:trojan-activity;sid:84201670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338567)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/305iz8bs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338567/; classtype:trojan-activity;sid:84201667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338563)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mzjfgebm.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338563/; classtype:trojan-activity;sid:84201663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338560)"; flow:established,from_client; content:"GET"; http_method; content:"/ga13372/jv/main/javaw.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338560/; classtype:trojan-activity;sid:84201660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338561)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3zv8x9q7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338561/; classtype:trojan-activity;sid:84201661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338554)"; flow:established,from_client; content:"GET"; http_method; content:"/jhpatchouli/payload/raw/master/artifact.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"gitee.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338554/; classtype:trojan-activity;sid:84201654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338550)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/n8um2y9v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338550/; classtype:trojan-activity;sid:84201650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338548)"; flow:established,from_client; content:"GET"; http_method; content:"/nicxlau/alfa-shell/master/alfa-obfuscated.php"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338548/; classtype:trojan-activity;sid:84201648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338542)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zq6a1iqg.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338542/; classtype:trojan-activity;sid:84201642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338534)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/scj7cm7v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338534/; classtype:trojan-activity;sid:84201634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338535)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/main/arm6"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338535/; classtype:trojan-activity;sid:84201635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338527)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/app.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338527/; classtype:trojan-activity;sid:84201627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338524)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xmbld.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338524/; classtype:trojan-activity;sid:84201624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338525)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/szo0xbx8.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338525/; classtype:trojan-activity;sid:84201625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338526)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zk1b090h.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338526/; classtype:trojan-activity;sid:84201626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338518)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/l3bevvn7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338518/; classtype:trojan-activity;sid:84201618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338519)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/x6uvjuko.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338519/; classtype:trojan-activity;sid:84201619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338521)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/trru7rd2.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338521/; classtype:trojan-activity;sid:84201621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338522)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/d8rb24m3.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338522/; classtype:trojan-activity;sid:84201622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338516)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/europe123.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338516/; classtype:trojan-activity;sid:84201616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338515)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lu4421.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338515/; classtype:trojan-activity;sid:84201615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338514)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/atleqqxo.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338514/; classtype:trojan-activity;sid:84201614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338513)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lega.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338513/; classtype:trojan-activity;sid:84201613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338512)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bandwidthmonitor.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338512/; classtype:trojan-activity;sid:84201612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338511)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/v_dolg.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338511/; classtype:trojan-activity;sid:84201611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338510)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/t8wl838w.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338510/; classtype:trojan-activity;sid:84201610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338506)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/d4cye08a.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338506/; classtype:trojan-activity;sid:84201606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338507)"; flow:established,from_client; content:"GET"; http_method; content:"/aissardp/payload/main/payload.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338507/; classtype:trojan-activity;sid:84201607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338508)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/nsoft.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338508/; classtype:trojan-activity;sid:84201608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338505)"; flow:established,from_client; content:"GET"; http_method; content:"/cracker1337uwu/rrr/main/bypass.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338505/; classtype:trojan-activity;sid:84201605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338502)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mzjfgebm.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338502/; classtype:trojan-activity;sid:84201602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338501)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/aqbjn3fl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338501/; classtype:trojan-activity;sid:84201601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338500)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/visagiftcardgen.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338500/; classtype:trojan-activity;sid:84201600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338497)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/305iz8bs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338497/; classtype:trojan-activity;sid:84201597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338496)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/g9win6bb.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338496/; classtype:trojan-activity;sid:84201596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338495)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/quzfesaq.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338495/; classtype:trojan-activity;sid:84201595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338493)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenmanmkt/repo1/main/exploit-2"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338493/; classtype:trojan-activity;sid:84201593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338492)"; flow:established,from_client; content:"GET"; http_method; content:"/leetcipher/malware.development/main/self-injection/self-injection.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338492/; classtype:trojan-activity;sid:84201592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338489)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/r42aoop5.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338489/; classtype:trojan-activity;sid:84201589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338490)"; flow:established,from_client; content:"GET"; http_method; content:"/plug/plugin3.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338490/; classtype:trojan-activity;sid:84201590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338486)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zq6a1iqg.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338486/; classtype:trojan-activity;sid:84201586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338487)"; flow:established,from_client; content:"GET"; http_method; content:"/cyberhunter00/remote_hijack/master/uac_bypass.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338487/; classtype:trojan-activity;sid:84201587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338483)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xao8gh38.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338483/; classtype:trojan-activity;sid:84201583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338473)"; flow:established,from_client; content:"GET"; http_method; content:"/fromfranceanb/d46c38bce2b0d9c6hcffa6baea82ece29fa6d238/main/injection.js"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338473/; classtype:trojan-activity;sid:84201573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338474)"; flow:established,from_client; content:"GET"; http_method; content:"/test/am209.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338474/; classtype:trojan-activity;sid:84201574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338475)"; flow:established,from_client; content:"GET"; http_method; content:"/cocomelonc/2022-01-14-malware-injection-13/master/hack.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338475/; classtype:trojan-activity;sid:84201575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338476)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/n8um2y9v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338476/; classtype:trojan-activity;sid:84201576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338462)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1fxm3u0d.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338462/; classtype:trojan-activity;sid:84201562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338463)"; flow:established,from_client; content:"GET"; http_method; content:"/justforexela/injection/main/injection.js"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338463/; classtype:trojan-activity;sid:84201563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338464)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/scj7cm7v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338464/; classtype:trojan-activity;sid:84201564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338466)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dmn6qzwr.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338466/; classtype:trojan-activity;sid:84201566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338467)"; flow:established,from_client; content:"GET"; http_method; content:"/fxtazz/injection/main/index.js"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338467/; classtype:trojan-activity;sid:84201567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338470)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2v6wf6kn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338470/; classtype:trojan-activity;sid:84201570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338459)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2kudv4ea.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338459/; classtype:trojan-activity;sid:84201559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338460)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/k1de2zkz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338460/; classtype:trojan-activity;sid:84201560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338458)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3zv8x9q7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338458/; classtype:trojan-activity;sid:84201558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338451)"; flow:established,from_client; content:"GET"; http_method; content:"/sixaknow/uac_bypass_/main/module_377498327498dcxvc32434.dll"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338451/; classtype:trojan-activity;sid:84201551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338443)"; flow:established,from_client; content:"GET"; http_method; content:"/pistacchietto/win-python-backdoor/master/standalone_payload.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338443/; classtype:trojan-activity;sid:84201543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338434)"; flow:established,from_client; content:"GET"; http_method; content:"/sanzaz/phantomious/main/injection-clean.js"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338434/; classtype:trojan-activity;sid:84201534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338140)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/indentif.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338140/; classtype:trojan-activity;sid:84201240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338138)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hashed.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338138/; classtype:trojan-activity;sid:84201238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338139)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identification-1.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338139/; classtype:trojan-activity;sid:84201239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338137)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/channel1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338137/; classtype:trojan-activity;sid:84201237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338135)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338135/; classtype:trojan-activity;sid:84201235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338134)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/installer.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338134/; classtype:trojan-activity;sid:84201234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338133)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/team.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338133/; classtype:trojan-activity;sid:84201233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338132)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/channel.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338132/; classtype:trojan-activity;sid:84201232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338131)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/probnik.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338131/; classtype:trojan-activity;sid:84201231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338130)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ji2xlo1f.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338130/; classtype:trojan-activity;sid:84201230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338129)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338129/; classtype:trojan-activity;sid:84201229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338127)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ven_protected.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338127/; classtype:trojan-activity;sid:84201227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338126)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/client_protected.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338126/; classtype:trojan-activity;sid:84201226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338125)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/worker.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338125/; classtype:trojan-activity;sid:84201225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338124)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/resex.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338124/; classtype:trojan-activity;sid:84201224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338123)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qqq.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338123/; classtype:trojan-activity;sid:84201223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338122)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/semiconductornot.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338122/; classtype:trojan-activity;sid:84201222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338120)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gold1234.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338120/; classtype:trojan-activity;sid:84201220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338121)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/diff.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338121/; classtype:trojan-activity;sid:84201221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338118)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winrar-x64-701.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338118/; classtype:trojan-activity;sid:84201218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338119)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/creal.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338119/; classtype:trojan-activity;sid:84201219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338116)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac222222.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338116/; classtype:trojan-activity;sid:84201216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338117)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/seo.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338117/; classtype:trojan-activity;sid:84201217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338113)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/t3.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338113/; classtype:trojan-activity;sid:84201213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338114)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pichon.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338114/; classtype:trojan-activity;sid:84201214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338112)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/octus.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338112/; classtype:trojan-activity;sid:84201212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338109)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bundle.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338109/; classtype:trojan-activity;sid:84201209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338110)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cbmefxrmnv.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338110/; classtype:trojan-activity;sid:84201210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338111)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/main.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338111/; classtype:trojan-activity;sid:84201211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338108)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/psfei0ez.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338108/; classtype:trojan-activity;sid:84201208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338107)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clcs.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338107/; classtype:trojan-activity;sid:84201207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338105)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/msedge.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338105/; classtype:trojan-activity;sid:84201205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338104)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mobiletrans.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338104/; classtype:trojan-activity;sid:84201204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338101)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rage.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338101/; classtype:trojan-activity;sid:84201201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338102)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clsid.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338102/; classtype:trojan-activity;sid:84201202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338103)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zts.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338103/; classtype:trojan-activity;sid:84201203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338100)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xt.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338100/; classtype:trojan-activity;sid:84201200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338099)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cnyvvl.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338099/; classtype:trojan-activity;sid:84201199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338097)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pered.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338097/; classtype:trojan-activity;sid:84201197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338098)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dccrypt.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338098/; classtype:trojan-activity;sid:84201198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338095)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/prem1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338095/; classtype:trojan-activity;sid:84201195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338094)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kp8dnpa9.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338094/; classtype:trojan-activity;sid:84201194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338090)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winx86.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338090/; classtype:trojan-activity;sid:84201190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338091)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/j86piuq9.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338091/; classtype:trojan-activity;sid:84201191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338092)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhosts.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338092/; classtype:trojan-activity;sid:84201192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338093)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build555.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338093/; classtype:trojan-activity;sid:84201193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338088)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/yxrd0ob7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338088/; classtype:trojan-activity;sid:84201188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338087)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/splwow64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338087/; classtype:trojan-activity;sid:84201187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338086)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/new1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338086/; classtype:trojan-activity;sid:84201186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338084)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gift-info.lmg.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338084/; classtype:trojan-activity;sid:84201184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338085)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/penis.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338085/; classtype:trojan-activity;sid:84201185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338082)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/doc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338082/; classtype:trojan-activity;sid:84201182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338083)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/myrdx.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338083/; classtype:trojan-activity;sid:84201183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338081)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/diskutility.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338081/; classtype:trojan-activity;sid:84201181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338079)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jb4w5s2l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338079/; classtype:trojan-activity;sid:84201179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338080)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/purlog.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338080/; classtype:trojan-activity;sid:84201180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338075)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ewpeloxttug.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338075/; classtype:trojan-activity;sid:84201175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338076)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/q1wnx5ir.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338076/; classtype:trojan-activity;sid:84201176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338077)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummetc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338077/; classtype:trojan-activity;sid:84201177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338078)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/s%d0%b5tu%d1%80111.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338078/; classtype:trojan-activity;sid:84201178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338073)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/soft2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338073/; classtype:trojan-activity;sid:84201173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338074)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vn70wvxw.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338074/; classtype:trojan-activity;sid:84201174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338072)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ukodbcdcl.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338072/; classtype:trojan-activity;sid:84201172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338071)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/h5a71wdy.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338071/; classtype:trojan-activity;sid:84201171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338070)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ovrflw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338070/; classtype:trojan-activity;sid:84201170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338068)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gsprout.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338068/; classtype:trojan-activity;sid:84201168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338069)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/meta.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338069/; classtype:trojan-activity;sid:84201169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338066)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/unit.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338066/; classtype:trojan-activity;sid:84201166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338067)"; flow:established,from_client; content:"GET"; http_method; content:"/soka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338067/; classtype:trojan-activity;sid:84201167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338063)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/installeraus.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338063/; classtype:trojan-activity;sid:84201163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338060)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/decryptjohn.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338060/; classtype:trojan-activity;sid:84201160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338062)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_default2.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338062/; classtype:trojan-activity;sid:84201162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338058)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bwapp.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338058/; classtype:trojan-activity;sid:84201158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338059)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/shopfree.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338059/; classtype:trojan-activity;sid:84201159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338057)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/frap.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338057/; classtype:trojan-activity;sid:84201157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338055)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/s%d0%b5tup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338055/; classtype:trojan-activity;sid:84201155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338056)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyl64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338056/; classtype:trojan-activity;sid:84201156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338054)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/explorer.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338054/; classtype:trojan-activity;sid:84201154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338052)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/major.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338052/; classtype:trojan-activity;sid:84201152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338053)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe|3f|9i/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338053/; classtype:trojan-activity;sid:84201153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338051)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mk.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338051/; classtype:trojan-activity;sid:84201151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338049)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/softina.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338049/; classtype:trojan-activity;sid:84201149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338048)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/file.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338048/; classtype:trojan-activity;sid:84201148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338046)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/completestudio.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338046/; classtype:trojan-activity;sid:84201146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338047)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/redsystem.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338047/; classtype:trojan-activity;sid:84201147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338044)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svchost.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338044/; classtype:trojan-activity;sid:84201144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338043)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/random.exe|3f|y"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338043/; classtype:trojan-activity;sid:84201143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338042)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ghost_0x000263826b9a9b91.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338042/; classtype:trojan-activity;sid:84201142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338041)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypteda.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338041/; classtype:trojan-activity;sid:84201141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338039)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gawdth.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338039/; classtype:trojan-activity;sid:84201139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338040)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/surfex.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338040/; classtype:trojan-activity;sid:84201140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338037)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/noll.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338037/; classtype:trojan-activity;sid:84201137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338038)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identifications.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338038/; classtype:trojan-activity;sid:84201138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338036)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/def.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338036/; classtype:trojan-activity;sid:84201136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338034)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/uhigdbf.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338034/; classtype:trojan-activity;sid:84201134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338035)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zxcv.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338035/; classtype:trojan-activity;sid:84201135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338033)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/neonn.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338033/; classtype:trojan-activity;sid:84201133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338031)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rstxdhuj.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338031/; classtype:trojan-activity;sid:84201131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338032)"; flow:established,from_client; content:"GET"; http_method; content:"/lumma/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338032/; classtype:trojan-activity;sid:84201132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338029)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/considerablewinners.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338029/; classtype:trojan-activity;sid:84201129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338030)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zzz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338030/; classtype:trojan-activity;sid:84201130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338028)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identification.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338028/; classtype:trojan-activity;sid:84201128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338027)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gold.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338027/; classtype:trojan-activity;sid:84201127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338025)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vhpcde.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338025/; classtype:trojan-activity;sid:84201125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338026)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zzzz1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338026/; classtype:trojan-activity;sid:84201126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338024)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pctoccurred.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338024/; classtype:trojan-activity;sid:84201124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338021)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338021/; classtype:trojan-activity;sid:84201121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338022)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xyaw4fkp.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338022/; classtype:trojan-activity;sid:84201122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338023)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/deliciouspart.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338023/; classtype:trojan-activity;sid:84201123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338020)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dsds.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338020/; classtype:trojan-activity;sid:84201120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338018)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/utility-inst.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338018/; classtype:trojan-activity;sid:84201118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338019)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/contorax.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338019/; classtype:trojan-activity;sid:84201119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338016)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_valenciga.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338016/; classtype:trojan-activity;sid:84201116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338015)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/postbox.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338015/; classtype:trojan-activity;sid:84201115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338014)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gdn5yfjd.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338014/; classtype:trojan-activity;sid:84201114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338012)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338012/; classtype:trojan-activity;sid:84201112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338009)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/microsoft.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338009/; classtype:trojan-activity;sid:84201109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338010)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/tn8cdkzn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338010/; classtype:trojan-activity;sid:84201110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338011)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ubi-inst.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338011/; classtype:trojan-activity;sid:84201111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338008)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/northsperm.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338008/; classtype:trojan-activity;sid:84201108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338007)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac2.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338007/; classtype:trojan-activity;sid:84201107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338006)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clip.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338006/; classtype:trojan-activity;sid:84201106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338001)"; flow:established,from_client; content:"GET"; http_method; content:"/store/vidar.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338001/; classtype:trojan-activity;sid:84201101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338002)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338002/; classtype:trojan-activity;sid:84201102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338003)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ewrvuh.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338003/; classtype:trojan-activity;sid:84201103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338004)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xm.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338004/; classtype:trojan-activity;sid:84201104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338005)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ohtie89k.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338005/; classtype:trojan-activity;sid:84201105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338000)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/install2.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338000/; classtype:trojan-activity;sid:84201100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337998)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/legas.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337998/; classtype:trojan-activity;sid:84201098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337997)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dtrade_v1.3.6.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337997/; classtype:trojan-activity;sid:84201097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337994)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/te3tlsre.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337994/; classtype:trojan-activity;sid:84201094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337995)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build9.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337995/; classtype:trojan-activity;sid:84201095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337996)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/exclude.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337996/; classtype:trojan-activity;sid:84201096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337993)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cclent.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337993/; classtype:trojan-activity;sid:84201093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337992)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/singerjudy.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337992/; classtype:trojan-activity;sid:84201092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337990)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jsawdtyjde.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337990/; classtype:trojan-activity;sid:84201090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337989)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac22222.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337989/; classtype:trojan-activity;sid:84201089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337988)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build11.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337988/; classtype:trojan-activity;sid:84201088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337985)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vlst.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337985/; classtype:trojan-activity;sid:84201085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337986)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/buildred.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337986/; classtype:trojan-activity;sid:84201086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337987)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/systems.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337987/; classtype:trojan-activity;sid:84201087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337984)"; flow:established,from_client; content:"GET"; http_method; content:"/lego/ama.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337984/; classtype:trojan-activity;sid:84201084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337983)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rdx123456.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337983/; classtype:trojan-activity;sid:84201083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337982)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pkcontent.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337982/; classtype:trojan-activity;sid:84201082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337980)"; flow:established,from_client; content:"GET"; http_method; content:"/off/random.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337980/; classtype:trojan-activity;sid:84201080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337981)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/operation6572.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337981/; classtype:trojan-activity;sid:84201081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337979)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/loadnew.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337979/; classtype:trojan-activity;sid:84201079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337978)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kill.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337978/; classtype:trojan-activity;sid:84201078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337975)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/file1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337975/; classtype:trojan-activity;sid:84201075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337976)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/test.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337976/; classtype:trojan-activity;sid:84201076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337977)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/windowsexecutable.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337977/; classtype:trojan-activity;sid:84201077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337974)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mswgoudnv.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337974/; classtype:trojan-activity;sid:84201074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337972)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/survox.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337972/; classtype:trojan-activity;sid:84201072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337973)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/feb9sxwk.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337973/; classtype:trojan-activity;sid:84201073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337971)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/freedom.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337971/; classtype:trojan-activity;sid:84201071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337966)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyld611114.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337966/; classtype:trojan-activity;sid:84201066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337967)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/coreplugin.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337967/; classtype:trojan-activity;sid:84201067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337968)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/client.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337968/; classtype:trojan-activity;sid:84201068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337969)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ldqj18tn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337969/; classtype:trojan-activity;sid:84201069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337970)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cudo.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337970/; classtype:trojan-activity;sid:84201070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337965)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cccc2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337965/; classtype:trojan-activity;sid:84201065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337963)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyld64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337963/; classtype:trojan-activity;sid:84201063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337964)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rms1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337964/; classtype:trojan-activity;sid:84201064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337959)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kmvcsaed.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337959/; classtype:trojan-activity;sid:84201059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337960)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hhnjqu9y.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337960/; classtype:trojan-activity;sid:84201060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337961)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/loader_5879465914.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337961/; classtype:trojan-activity;sid:84201061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337958)"; flow:established,from_client; content:"GET"; http_method; content:"/store/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337958/; classtype:trojan-activity;sid:84201058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337956)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vidar.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337956/; classtype:trojan-activity;sid:84201056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337957)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/taskhost.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337957/; classtype:trojan-activity;sid:84201057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337955)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/needmoney.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337955/; classtype:trojan-activity;sid:84201055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337954)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newbundle.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337954/; classtype:trojan-activity;sid:84201054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337953)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/neon.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337953/; classtype:trojan-activity;sid:84201053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337952)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pimer_bbbcontents7.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337952/; classtype:trojan-activity;sid:84201052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337951)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/new_v8.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337951/; classtype:trojan-activity;sid:84201051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337947)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted8888.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337947/; classtype:trojan-activity;sid:84201047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337948)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kitty.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337948/; classtype:trojan-activity;sid:84201048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337949)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/v7wa24td.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337949/; classtype:trojan-activity;sid:84201049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337946)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cookie250.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337946/; classtype:trojan-activity;sid:84201046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337945)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pharmaciesdetection.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337945/; classtype:trojan-activity;sid:84201045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337944)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/server.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337944/; classtype:trojan-activity;sid:84201044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337941)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/yoyf.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337941/; classtype:trojan-activity;sid:84201041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337942)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/f86nrrc6.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337942/; classtype:trojan-activity;sid:84201042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337938)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/sgx4824p.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337938/; classtype:trojan-activity;sid:84201038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337940)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/chicken123.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337940/; classtype:trojan-activity;sid:84201040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337937)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/scheduledllama.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337937/; classtype:trojan-activity;sid:84201037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337935)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winrarinstall.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337935/; classtype:trojan-activity;sid:84201035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337936)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxl.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337936/; classtype:trojan-activity;sid:84201036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337934)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/drchoe.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337934/; classtype:trojan-activity;sid:84201034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337932)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/launcher.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337932/; classtype:trojan-activity;sid:84201032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337933)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxxx.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337933/; classtype:trojan-activity;sid:84201033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337931)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ufw.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337931/; classtype:trojan-activity;sid:84201031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337930)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gaozw40v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337930/; classtype:trojan-activity;sid:84201030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337928)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dcratbuild.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337928/; classtype:trojan-activity;sid:84201028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337929)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winn.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337929/; classtype:trojan-activity;sid:84201029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337927)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ha7dur10.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337927/; classtype:trojan-activity;sid:84201027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337924)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/consoleapp3.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337924/; classtype:trojan-activity;sid:84201024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337921)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummnew.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337921/; classtype:trojan-activity;sid:84201021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337922)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe|3f|9i"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337922/; classtype:trojan-activity;sid:84201022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337919)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/soft.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337919/; classtype:trojan-activity;sid:84201019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337916)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/influencednervous.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337916/; classtype:trojan-activity;sid:84201016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337917)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newfile.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337917/; classtype:trojan-activity;sid:84201017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337918)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup8.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337918/; classtype:trojan-activity;sid:84201018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337914)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337914/; classtype:trojan-activity;sid:84201014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337915)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mynewrdx.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337915/; classtype:trojan-activity;sid:84201015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337913)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_daval.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337913/; classtype:trojan-activity;sid:84201013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337912)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/googleupdate.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337912/; classtype:trojan-activity;sid:84201012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337910)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xclient_protected.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337910/; classtype:trojan-activity;sid:84201010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337908)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qth5kdee.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337908/; classtype:trojan-activity;sid:84201008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337909)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gagagggagagag.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337909/; classtype:trojan-activity;sid:84201009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337905)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/divinedialogue.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337905/; classtype:trojan-activity;sid:84201005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337907)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cvv.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337907/; classtype:trojan-activity;sid:84201007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337904)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vidsusername.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337904/; classtype:trojan-activity;sid:84201004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337903)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/j4vzzuai.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337903/; classtype:trojan-activity;sid:84201003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337896)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/opdxdyeul.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337896/; classtype:trojan-activity;sid:84200996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337897)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/onedrive.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337897/; classtype:trojan-activity;sid:84200997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337898)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/request.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337898/; classtype:trojan-activity;sid:84200998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337899)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/whiteheroin.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337899/; classtype:trojan-activity;sid:84200999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337901)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/onlysteal.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337901/; classtype:trojan-activity;sid:84201001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337894)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newbundle2.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337894/; classtype:trojan-activity;sid:84200994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337895)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/robotic.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337895/; classtype:trojan-activity;sid:84200995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337890)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stub.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337890/; classtype:trojan-activity;sid:84200990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337891)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cc2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337891/; classtype:trojan-activity;sid:84200991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337892)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dos.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337892/; classtype:trojan-activity;sid:84200992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337893)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mepaxil.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337893/; classtype:trojan-activity;sid:84200993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337889)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhostc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337889/; classtype:trojan-activity;sid:84200989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337884)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted25.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337884/; classtype:trojan-activity;sid:84200984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337885)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/runtime.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337885/; classtype:trojan-activity;sid:84200985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337886)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/js.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337886/; classtype:trojan-activity;sid:84200986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337883)"; flow:established,from_client; content:"GET"; http_method; content:"/test/do.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337883/; classtype:trojan-activity;sid:84200983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337882)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/authenticator222.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337882/; classtype:trojan-activity;sid:84200982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337881)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/authenticator.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337881/; classtype:trojan-activity;sid:84200981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337880)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/7777.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337880/; classtype:trojan-activity;sid:84200980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337879)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/8.11.9-windows.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337879/; classtype:trojan-activity;sid:84200979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337878)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bitcoincore.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337878/; classtype:trojan-activity;sid:84200978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337877)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1111.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337877/; classtype:trojan-activity;sid:84200977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337876)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337876/; classtype:trojan-activity;sid:84200976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337875)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337875/; classtype:trojan-activity;sid:84200975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337874)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3yh8gdte.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337874/; classtype:trojan-activity;sid:84200974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337872)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/battlegermany.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337872/; classtype:trojan-activity;sid:84200972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337873)"; flow:established,from_client; content:"GET"; http_method; content:"/clip/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337873/; classtype:trojan-activity;sid:84200973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337871)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/41m98slk.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337871/; classtype:trojan-activity;sid:84200971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337870)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/amadeus.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337870/; classtype:trojan-activity;sid:84200970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337869)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/blackload.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337869/; classtype:trojan-activity;sid:84200969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337868)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3546345.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337868/; classtype:trojan-activity;sid:84200968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337867)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bqkriy6l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337867/; classtype:trojan-activity;sid:84200967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337866)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/broadcom5.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337866/; classtype:trojan-activity;sid:84200966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337863)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bildnewl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337863/; classtype:trojan-activity;sid:84200963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337864)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2r61ahry.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337864/; classtype:trojan-activity;sid:84200964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337865)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/30072024.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337865/; classtype:trojan-activity;sid:84200965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337862)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/88851n80.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337862/; classtype:trojan-activity;sid:84200962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337861)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5447jsx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337861/; classtype:trojan-activity;sid:84200961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337860)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/18ijuw13.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337860/; classtype:trojan-activity;sid:84200960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337858)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/99awhy8l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337858/; classtype:trojan-activity;sid:84200958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337859)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4ck3rr.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337859/; classtype:trojan-activity;sid:84200959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337854)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/23c2343.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337854/; classtype:trojan-activity;sid:84200954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337855)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/343dsxs.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337855/; classtype:trojan-activity;sid:84200955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337856)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5_6190317556063017550.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337856/; classtype:trojan-activity;sid:84200956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337857)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3544436.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337857/; classtype:trojan-activity;sid:84200957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337853)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/amadey.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337853/; classtype:trojan-activity;sid:84200953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337851)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5gevcp8z.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337851/; classtype:trojan-activity;sid:84200951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337850)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5_6253708004881862888.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337850/; classtype:trojan-activity;sid:84200950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337847)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/88aext0k.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337847/; classtype:trojan-activity;sid:84200947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337848)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/25072023.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337848/; classtype:trojan-activity;sid:84200948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337846)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337846/; classtype:trojan-activity;sid:84200946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337844)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ai2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337844/; classtype:trojan-activity;sid:84200944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337845)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5knchalah.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337845/; classtype:trojan-activity;sid:84200945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337842)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/6nteyex7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337842/; classtype:trojan-activity;sid:84200942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337843)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/splwow64_1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337843/; classtype:trojan-activity;sid:84200943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337841)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bandwidth_monitor.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337841/; classtype:trojan-activity;sid:84200941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337839)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/0b44ippu.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337839/; classtype:trojan-activity;sid:84200939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337840)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/annesalt.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337840/; classtype:trojan-activity;sid:84200940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337838)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/armadegon.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337838/; classtype:trojan-activity;sid:84200938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337832)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/armanivenntii_crypted_easy.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337832/; classtype:trojan-activity;sid:84200932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337833)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/baddstore.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337833/; classtype:trojan-activity;sid:84200933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337834)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337834/; classtype:trojan-activity;sid:84200934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337835)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/7cl16anh.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337835/; classtype:trojan-activity;sid:84200935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337836)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337836/; classtype:trojan-activity;sid:84200936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337829)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/06082025.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337829/; classtype:trojan-activity;sid:84200929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337830)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/12.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337830/; classtype:trojan-activity;sid:84200930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337831)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/300.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337831/; classtype:trojan-activity;sid:84200931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337825)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/123.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337825/; classtype:trojan-activity;sid:84200925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337826)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-24_23-16.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337826/; classtype:trojan-activity;sid:84200926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337827)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/splwow64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337827/; classtype:trojan-activity;sid:84200927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337828)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/14082024.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337828/; classtype:trojan-activity;sid:84200928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337823)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-27_00-41.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337823/; classtype:trojan-activity;sid:84200923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337824)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4434.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337824/; classtype:trojan-activity;sid:84200924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337822)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-25_20-56.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337822/; classtype:trojan-activity;sid:84200922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337821)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/processclass.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337821/; classtype:trojan-activity;sid:84200921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337794)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/f/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337794/; classtype:trojan-activity;sid:84200894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337795)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/c/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337795/; classtype:trojan-activity;sid:84200895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337796)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/u/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337796/; classtype:trojan-activity;sid:84200896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337797)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/i/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337797/; classtype:trojan-activity;sid:84200897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337653/; classtype:trojan-activity;sid:84200753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337649/; classtype:trojan-activity;sid:84200749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.150.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337279/; classtype:trojan-activity;sid:84200379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.88.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337209/; classtype:trojan-activity;sid:84200309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337022)"; flow:established,from_client; content:"GET"; http_method; content:"/avevasion.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"158.101.196.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337022/; classtype:trojan-activity;sid:84200122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337024)"; flow:established,from_client; content:"GET"; http_method; content:"/execute.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"158.101.196.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337024/; classtype:trojan-activity;sid:84200124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337015)"; flow:established,from_client; content:"GET"; http_method; content:"/v0lt/virtualdub2/releases/download/2.1.3/virtualdub2_v2.1.3.667_win32.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337015/; classtype:trojan-activity;sid:84200115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337009)"; flow:established,from_client; content:"GET"; http_method; content:"/titan3/us/world/titan.w1.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.pharorg.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337009/; classtype:trojan-activity;sid:84200109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337010)"; flow:established,from_client; content:"GET"; http_method; content:"/cgpro/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337010/; classtype:trojan-activity;sid:84200110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337008)"; flow:established,from_client; content:"GET"; http_method; content:"/uploadvltt/autokeoxe.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"quanly.jxmienphi.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337008/; classtype:trojan-activity;sid:84200108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337004)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidixelaina/wuselaina/raw/refs/heads/main/build.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337004/; classtype:trojan-activity;sid:84200104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336992)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/taskmoder.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336992/; classtype:trojan-activity;sid:84200092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336993)"; flow:established,from_client; content:"GET"; http_method; content:"/z-beam/movaflag/releases/download/1.0.2/mova.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336993/; classtype:trojan-activity;sid:84200093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336990)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/cssgo.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336990/; classtype:trojan-activity;sid:84200090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336983)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/raw/refs/heads/main/black.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336983/; classtype:trojan-activity;sid:84200083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.88.242.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336469/; classtype:trojan-activity;sid:84199569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336291/; classtype:trojan-activity;sid:84199391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336275)"; flow:established,from_client; content:"GET"; http_method; content:"/leetspoofer.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.141.26.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336275/; classtype:trojan-activity;sid:84199375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336095)"; flow:established,from_client; content:"GET"; http_method; content:"/stubgenerator/stub/main/stub.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336095/; classtype:trojan-activity;sid:84199195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336094)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/main/stub.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336094/; classtype:trojan-activity;sid:84199194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336082)"; flow:established,from_client; content:"GET"; http_method; content:"/yzm/bd.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"m.gutousoft.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336082/; classtype:trojan-activity;sid:84199182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336077)"; flow:established,from_client; content:"GET"; http_method; content:"/nikolaevich23/make-pkg-bat/master/setup.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336077/; classtype:trojan-activity;sid:84199177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336072)"; flow:established,from_client; content:"GET"; http_method; content:"/eirxne/valorant-axeprime/main/axeprime.dll"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336072/; classtype:trojan-activity;sid:84199172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336068)"; flow:established,from_client; content:"GET"; http_method; content:"/stephenfewer/reflectivedllinjection/refs/heads/master/bin/reflective_dll.dll"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336068/; classtype:trojan-activity;sid:84199168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336060)"; flow:established,from_client; content:"GET"; http_method; content:"/snake/hack.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dangtienluc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336060/; classtype:trojan-activity;sid:84199160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336058)"; flow:established,from_client; content:"GET"; http_method; content:"/anessdev/talha/main/talha.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336058/; classtype:trojan-activity;sid:84199158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336051)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"210.125.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336051/; classtype:trojan-activity;sid:84199151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336049)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/zip/refs/heads/main"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336049/; classtype:trojan-activity;sid:84199149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335209)"; flow:established,from_client; content:"GET"; http_method; content:"/img/rm0xpx/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jobcity.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335209/; classtype:trojan-activity;sid:84198309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335199)"; flow:established,from_client; content:"GET"; http_method; content:"/phm/brive/recepisse/202403/10/doc2lgpu2jwfets.tif"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"195.101.213.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335199/; classtype:trojan-activity;sid:84198299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335200)"; flow:established,from_client; content:"GET"; http_method; content:"/phm/distrimobile/recepisse/202407/30/fuss983_20240725_150732.tif"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"195.101.213.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335200/; classtype:trojan-activity;sid:84198300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335175)"; flow:established,from_client; content:"GET"; http_method; content:"/infectsocks32_sql_antivirus.vmp.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335175/; classtype:trojan-activity;sid:84198275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335174)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowforce2008_64_add.vmp.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335174/; classtype:trojan-activity;sid:84198274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335173)"; flow:established,from_client; content:"GET"; http_method; content:"/infectsocks64_sql_antivirus.vmp.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335173/; classtype:trojan-activity;sid:84198273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335166)"; flow:established,from_client; content:"GET"; http_method; content:"/upm2008.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335166/; classtype:trojan-activity;sid:84198266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335156)"; flow:established,from_client; content:"GET"; http_method; content:"/ndisinstaller3.2.32.1.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335156/; classtype:trojan-activity;sid:84198256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335157)"; flow:established,from_client; content:"GET"; http_method; content:"/s7vctk/patchgame/_autovlbs19_new/trainjx.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"gachetroi.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335157/; classtype:trojan-activity;sid:84198257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335149)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/2018-11/20181122103207926164.doc"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"xww.bucea.edu.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335149/; classtype:trojan-activity;sid:84198249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335154)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335154/; classtype:trojan-activity;sid:84198254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335147)"; flow:established,from_client; content:"GET"; http_method; content:"/iatinfect2008_64.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335147/; classtype:trojan-activity;sid:84198247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335141)"; flow:established,from_client; content:"GET"; http_method; content:"/winsetaccess64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335141/; classtype:trojan-activity;sid:84198241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335142)"; flow:established,from_client; content:"GET"; http_method; content:"/net/run.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"quanlyphongnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335142/; classtype:trojan-activity;sid:84198242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335135)"; flow:established,from_client; content:"GET"; http_method; content:"/writedat.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335135/; classtype:trojan-activity;sid:84198235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335136)"; flow:established,from_client; content:"GET"; http_method; content:"/mport.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335136/; classtype:trojan-activity;sid:84198236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335134)"; flow:established,from_client; content:"GET"; http_method; content:"/iland.dat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335134/; classtype:trojan-activity;sid:84198234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335132)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335132/; classtype:trojan-activity;sid:84198232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335119)"; flow:established,from_client; content:"GET"; http_method; content:"/mytime/files/3.3.7.0/mytime.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"down.ruanmei.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335119/; classtype:trojan-activity;sid:84198219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335118)"; flow:established,from_client; content:"GET"; http_method; content:"/cg70/update.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335118/; classtype:trojan-activity;sid:84198218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335096)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335096/; classtype:trojan-activity;sid:84198196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335094)"; flow:established,from_client; content:"GET"; http_method; content:"/misc/tools/exporttabletester.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ximonite.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335094/; classtype:trojan-activity;sid:84198194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335074)"; flow:established,from_client; content:"GET"; http_method; content:"/_upload/article/files/90/f4/62d98f264ab0abc4a1f14a32607a/089c9dc1-8248-47b5-b35d-310cd70469b4.doc"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"hhbs.hhu.edu.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335074/; classtype:trojan-activity;sid:84198174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335073)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/453903/wqc7f5s8lhm8mu0clzhwbl3lp|3f|token=eyjhbgcioijkaxiilcjlbmmioijbmti4q0jdluhtmju2in0..kok-c08tg1sb0rkwxyurvg.7ptb2bey9etqrwrfe3gvzgp-gdctw-nokzbirrowi-iwjtdmjfntorattitqom-5eqrbhzpurovcmmmjxks4knjpxbahy0bahdwidwtu6cuucpoigdw4l9jv2px7wsngjqoqp_dy8fpl_1z6j2no0z_rrawi5g3dj3vggkr-wcthkncz5a8o6febbffjiyc7oij5okn6o4janis5qd7btxoqqitdsic5s2bduud6ozsfsdjsc54szpt2gg4zgz8iuag3pv4apwyt_eo-owc_8q.o9d2owtjtv0voyqxis2afq"; http_uri; depth:427; isdataat:!1,relative; nocase; content:"p20.zdusercontent.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335073/; classtype:trojan-activity;sid:84198173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333897)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.dbg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333897/; classtype:trojan-activity;sid:84196997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333896)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333896/; classtype:trojan-activity;sid:84196996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333895)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333895/; classtype:trojan-activity;sid:84196995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333657)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333657/; classtype:trojan-activity;sid:84196757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333658)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main1.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333658/; classtype:trojan-activity;sid:84196758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333656)"; flow:established,from_client; content:"GET"; http_method; content:"/nam-black/moneyandbitch/refs/heads/main/main1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333656/; classtype:trojan-activity;sid:84196756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333651)"; flow:established,from_client; content:"GET"; http_method; content:"/nam-black/moneyandbitch/raw/refs/heads/main/main1.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333651/; classtype:trojan-activity;sid:84196751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333524)"; flow:established,from_client; content:"GET"; http_method; content:"/cuahangcamera/yoosee/zip/refs/tags/1.0.0.54"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333524/; classtype:trojan-activity;sid:84196624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333522)"; flow:established,from_client; content:"GET"; http_method; content:"/azertyuiopexe/fud-crypter/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333522/; classtype:trojan-activity;sid:84196622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333521)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/main/document.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333521/; classtype:trojan-activity;sid:84196621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333518)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.8"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333518/; classtype:trojan-activity;sid:84196618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333515)"; flow:established,from_client; content:"GET"; http_method; content:"/0xrose/rose-stealer_old/zip/refs/heads/main"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333515/; classtype:trojan-activity;sid:84196615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333513)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.10"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333513/; classtype:trojan-activity;sid:84196613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333514)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.3"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333514/; classtype:trojan-activity;sid:84196614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333511)"; flow:established,from_client; content:"GET"; http_method; content:"/hwangyounggul33/windows10/refs/heads/main/privacypolicy.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333511/; classtype:trojan-activity;sid:84196611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333509)"; flow:established,from_client; content:"GET"; http_method; content:"/caocaocc/yacd/zip/refs/heads/gh-pages"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333509/; classtype:trojan-activity;sid:84196609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333510)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.2"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333510/; classtype:trojan-activity;sid:84196610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333507)"; flow:established,from_client; content:"GET"; http_method; content:"/lokelo1488/ss11/refs/heads/main/xdd.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333507/; classtype:trojan-activity;sid:84196607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333508)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.11"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333508/; classtype:trojan-activity;sid:84196608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333504)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/main/x86_64"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333504/; classtype:trojan-activity;sid:84196604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333499)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/agentnov.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333499/; classtype:trojan-activity;sid:84196599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333502)"; flow:established,from_client; content:"GET"; http_method; content:"/cirosantilli/china-dictatorship/zip/refs/heads/master"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333502/; classtype:trojan-activity;sid:84196602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333503)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.8.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333503/; classtype:trojan-activity;sid:84196603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333495)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.5"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333495/; classtype:trojan-activity;sid:84196595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333496)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.7"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333496/; classtype:trojan-activity;sid:84196596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333493)"; flow:established,from_client; content:"GET"; http_method; content:"/d-7uble/invoke-phant0m/zip/refs/heads/master"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333493/; classtype:trojan-activity;sid:84196593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333494)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.7.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333494/; classtype:trojan-activity;sid:84196594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333491)"; flow:established,from_client; content:"GET"; http_method; content:"/anonyketa/exm-tweaking-utility-premium/zip/refs/heads/main"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333491/; classtype:trojan-activity;sid:84196591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333489)"; flow:established,from_client; content:"GET"; http_method; content:"/54n4l/mimikatzwindows/zip/refs/heads/master"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333489/; classtype:trojan-activity;sid:84196589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333485)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333485/; classtype:trojan-activity;sid:84196585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333482)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.1"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333482/; classtype:trojan-activity;sid:84196582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333481)"; flow:established,from_client; content:"GET"; http_method; content:"/crowly-ai/hello-world/refs/heads/main/zubovlekciya.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333481/; classtype:trojan-activity;sid:84196581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333479)"; flow:established,from_client; content:"GET"; http_method; content:"/heresfilly09-9/fornova/main/svchost.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333479/; classtype:trojan-activity;sid:84196579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333476)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/main/mpsl"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333476/; classtype:trojan-activity;sid:84196576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333470)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodhoundad/bloodhound/master/collectors/sharphound.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333470/; classtype:trojan-activity;sid:84196570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333458)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar/setup.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333458/; classtype:trojan-activity;sid:84196558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333457)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333457/; classtype:trojan-activity;sid:84196557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333439)"; flow:established,from_client; content:"GET"; http_method; content:"/ytisf/thezoo/refs/heads/master/malware/binaries/ransomware.wannacry/ransomware.wannacry.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333439/; classtype:trojan-activity;sid:84196539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333435)"; flow:established,from_client; content:"GET"; http_method; content:"/newlog/exploiting/refs/heads/master/training/windows/practical_malware_analysis/labs/chapter_1l/lab01-02.exe"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333435/; classtype:trojan-activity;sid:84196535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.249.243.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333376/; classtype:trojan-activity;sid:84196476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333370)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/main/play.bin"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333370/; classtype:trojan-activity;sid:84196470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333368)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/refs/heads/main/my.bin"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333368/; classtype:trojan-activity;sid:84196468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333359)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333359/; classtype:trojan-activity;sid:84196459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333355)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333355/; classtype:trojan-activity;sid:84196455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333357)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333357/; classtype:trojan-activity;sid:84196457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333347)"; flow:established,from_client; content:"GET"; http_method; content:"/ranjitgandhi2/fff/raw/main/play.bin"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333347/; classtype:trojan-activity;sid:84196447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333350)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/raw/master/donut.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333350/; classtype:trojan-activity;sid:84196450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333351)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333351/; classtype:trojan-activity;sid:84196451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333352)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333352/; classtype:trojan-activity;sid:84196452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333353)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333353/; classtype:trojan-activity;sid:84196453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333343)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333343/; classtype:trojan-activity;sid:84196443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333340)"; flow:established,from_client; content:"GET"; http_method; content:"/new-codder/test/raw/refs/heads/main/my.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333340/; classtype:trojan-activity;sid:84196440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333322)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333322/; classtype:trojan-activity;sid:84196422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333321)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17793058/lg246dre.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333321/; classtype:trojan-activity;sid:84196421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333316)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333316/; classtype:trojan-activity;sid:84196416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333317)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333317/; classtype:trojan-activity;sid:84196417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332958)"; flow:established,from_client; content:"GET"; http_method; content:"/kidxnox/image-logger/refs/heads/main/image%20logger.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332958/; classtype:trojan-activity;sid:84196058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332942)"; flow:established,from_client; content:"GET"; http_method; content:"/darkneonglitch/prooes/refs/heads/main/sync.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332942/; classtype:trojan-activity;sid:84196042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332925)"; flow:established,from_client; content:"GET"; http_method; content:"/kidxnox/image-logger/raw/refs/heads/main/image%20logger.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332925/; classtype:trojan-activity;sid:84196025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332902)"; flow:established,from_client; content:"GET"; http_method; content:"/rviance/ubiquitous-fortnight/releases/download/toolwin/toolwin.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332902/; classtype:trojan-activity;sid:84196002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332844)"; flow:established,from_client; content:"GET"; http_method; content:"/get/19f3c14691d28ab174a7935987ce2182/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"loader.oxy.st"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332844/; classtype:trojan-activity;sid:84195944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332833)"; flow:established,from_client; content:"GET"; http_method; content:"/trafunny/malware-file/refs/heads/main/crack.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332833/; classtype:trojan-activity;sid:84195933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332792)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332792/; classtype:trojan-activity;sid:84195892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332789)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332789/; classtype:trojan-activity;sid:84195889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332783)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/raw/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332783/; classtype:trojan-activity;sid:84195883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332780)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/raw/refs/heads/main/connector1.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332780/; classtype:trojan-activity;sid:84195880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332771)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/main/critscript.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332771/; classtype:trojan-activity;sid:84195871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332764)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/main/system.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332764/; classtype:trojan-activity;sid:84195864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332765)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/refs/heads/main/runtimebroker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332765/; classtype:trojan-activity;sid:84195865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332762)"; flow:established,from_client; content:"GET"; http_method; content:"/trafunny/malware-file/refs/heads/main/njrat.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332762/; classtype:trojan-activity;sid:84195862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332763)"; flow:established,from_client; content:"GET"; http_method; content:"/anonam0369/am/refs/heads/main/runtimebroker.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332763/; classtype:trojan-activity;sid:84195863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332761)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/refs/heads/main/jrockekcurje.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332761/; classtype:trojan-activity;sid:84195861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332758)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammedsalmannnnnnn/laughing-train/refs/heads/main/client-built.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332758/; classtype:trojan-activity;sid:84195858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332759)"; flow:established,from_client; content:"GET"; http_method; content:"/anonam0369/am/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332759/; classtype:trojan-activity;sid:84195859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332753)"; flow:established,from_client; content:"GET"; http_method; content:"/mohammedsalmannnnnnn/laughing-train/raw/refs/heads/main/client-built.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332753/; classtype:trojan-activity;sid:84195853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332754)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332754/; classtype:trojan-activity;sid:84195854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332755)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/dwdwadwa/raw/main/client-built.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332755/; classtype:trojan-activity;sid:84195855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332752)"; flow:established,from_client; content:"GET"; http_method; content:"/waynesson/rocitizens/raw/refs/heads/main/client-built.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332752/; classtype:trojan-activity;sid:84195852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332751)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332751/; classtype:trojan-activity;sid:84195851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332746)"; flow:established,from_client; content:"GET"; http_method; content:"/akumaheo/heoe/refs/heads/main/heo.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332746/; classtype:trojan-activity;sid:84195846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332747)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/raw/refs/heads/main/2klz.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332747/; classtype:trojan-activity;sid:84195847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332668)"; flow:established,from_client; content:"GET"; http_method; content:"/akumaheo/heoe/raw/refs/heads/main/heo.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332668/; classtype:trojan-activity;sid:84195768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331919)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/opyhjdase.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331919/; classtype:trojan-activity;sid:84195019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331862)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/popapoers.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331862/; classtype:trojan-activity;sid:84194962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331858)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/ljgksdtihd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331858/; classtype:trojan-activity;sid:84194958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331850)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/pfntjejghjsdkr.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331850/; classtype:trojan-activity;sid:84194950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331828)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/vikings.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331828/; classtype:trojan-activity;sid:84194928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331826)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/bnkrigkawd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331826/; classtype:trojan-activity;sid:84194926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331712)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/dwdwadwa/main/client-built.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331712/; classtype:trojan-activity;sid:84194812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331708)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331708/; classtype:trojan-activity;sid:84194808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331709)"; flow:established,from_client; content:"GET"; http_method; content:"/faokun1/aaa/main/client-built.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331709/; classtype:trojan-activity;sid:84194809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331705)"; flow:established,from_client; content:"GET"; http_method; content:"/biseo0/neue/main/client-built.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331705/; classtype:trojan-activity;sid:84194805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331699)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331699/; classtype:trojan-activity;sid:84194799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331675)"; flow:established,from_client; content:"GET"; http_method; content:"/api/aq_course/app/v2/course/addstudylog/client_built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"agapi.cqjjb.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331675/; classtype:trojan-activity;sid:84194775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331669)"; flow:established,from_client; content:"GET"; http_method; content:"/fofit-rater/1/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331669/; classtype:trojan-activity;sid:84194769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331670)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/master/xclient.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331670/; classtype:trojan-activity;sid:84194770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331672)"; flow:established,from_client; content:"GET"; http_method; content:"/evil-d-e-v/m/refs/heads/main/xclient.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331672/; classtype:trojan-activity;sid:84194772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331665)"; flow:established,from_client; content:"GET"; http_method; content:"/abhidadatg/worm/refs/heads/main/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331665/; classtype:trojan-activity;sid:84194765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331667)"; flow:established,from_client; content:"GET"; http_method; content:"/u6iko/do5a/main/xclient.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331667/; classtype:trojan-activity;sid:84194767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331661)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/raw/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331661/; classtype:trojan-activity;sid:84194761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331653)"; flow:established,from_client; content:"GET"; http_method; content:"/zonicleaks/yappadabbadoo/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331653/; classtype:trojan-activity;sid:84194753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331648)"; flow:established,from_client; content:"GET"; http_method; content:"/jikoos/rrr/main/xclient.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331648/; classtype:trojan-activity;sid:84194748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331644)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/wrwrwr/main/xclient.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331644/; classtype:trojan-activity;sid:84194744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331643)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/adad/main/xclient.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331643/; classtype:trojan-activity;sid:84194743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331638)"; flow:established,from_client; content:"GET"; http_method; content:"/lohoainam/-at/main/xclient.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331638/; classtype:trojan-activity;sid:84194738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331639)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/deferred-metadata/main/client-built.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331639/; classtype:trojan-activity;sid:84194739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331640)"; flow:established,from_client; content:"GET"; http_method; content:"/whois-black/qew123/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331640/; classtype:trojan-activity;sid:84194740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331637)"; flow:established,from_client; content:"GET"; http_method; content:"/goldhourse/optimizer/main/xclient.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331637/; classtype:trojan-activity;sid:84194737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331636)"; flow:established,from_client; content:"GET"; http_method; content:"/paco321312312/cautious-sniffle/main/xclient.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331636/; classtype:trojan-activity;sid:84194736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331631)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient543/miniature-tribble/main/xclient.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331631/; classtype:trojan-activity;sid:84194731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331633)"; flow:established,from_client; content:"GET"; http_method; content:"/joeljosephpajeet/testexe/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331633/; classtype:trojan-activity;sid:84194733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331628)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/fsfsf/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331628/; classtype:trojan-activity;sid:84194728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331630)"; flow:established,from_client; content:"GET"; http_method; content:"/cheetz/nishang/master/gather/keylogger.ps1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331630/; classtype:trojan-activity;sid:84194730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331588)"; flow:established,from_client; content:"GET"; http_method; content:"/cookieskush/pip-package-template/master/client-built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331588/; classtype:trojan-activity;sid:84194688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331578)"; flow:established,from_client; content:"GET"; http_method; content:"/waynesson/rocitizens/refs/heads/main/client-built.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331578/; classtype:trojan-activity;sid:84194678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331577)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331577/; classtype:trojan-activity;sid:84194677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331574)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/refs/heads/master/xclient.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331574/; classtype:trojan-activity;sid:84194674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331572)"; flow:established,from_client; content:"GET"; http_method; content:"/anglewings-lua/anglewings/main/petya.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331572/; classtype:trojan-activity;sid:84194672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331544)"; flow:established,from_client; content:"GET"; http_method; content:"/travel/1.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"nabawitransport.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331544/; classtype:trojan-activity;sid:84194644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331501)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10wux24m2koxctzbcelr2d3t8tyb8y6dq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331501/; classtype:trojan-activity;sid:84194601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331502)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1unu9ydyxvbsgdas_xzewlzcaiv6o_qdt"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331502/; classtype:trojan-activity;sid:84194602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331503)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b3mrgxuzwdg46exhp6a71yeymlvrmabx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331503/; classtype:trojan-activity;sid:84194603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331506)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nvsn7w4epo6u8ru3bheum2fygvbg6fh4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331506/; classtype:trojan-activity;sid:84194606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331489)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-wql_iua-mylu2kiuyz-ib-5ggjqjqqp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331489/; classtype:trojan-activity;sid:84194589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331487)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/decqq-cf20a.appspot.com/o/donchifile_vchfujk91.bin|3f|alt=media|7c|26|7c|token=c2737a65-ff1c-436c-a6f0-11d3a748f62f"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331487/; classtype:trojan-activity;sid:84194587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319642)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.114.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319642/; classtype:trojan-activity;sid:84182742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319601)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/e/refs/heads/main/powershell.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319601/; classtype:trojan-activity;sid:84182701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318671)"; flow:established,from_client; content:"GET"; http_method; content:"/xbcer4er3/harleyquinn"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"fundrescuetech.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318671/; classtype:trojan-activity;sid:84181771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318665)"; flow:established,from_client; content:"GET"; http_method; content:"/xbcer4er3/ginny"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fundrescuetech.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318665/; classtype:trojan-activity;sid:84181765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318666)"; flow:established,from_client; content:"GET"; http_method; content:"/xbcer4er3/pikachu"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fundrescuetech.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318666/; classtype:trojan-activity;sid:84181766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318670)"; flow:established,from_client; content:"GET"; http_method; content:"/nonadoc/nonadoc/releases/download/defi_prive/anketa_miner"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318670/; classtype:trojan-activity;sid:84181770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318663)"; flow:established,from_client; content:"GET"; http_method; content:"/xbcer4er3/hotline"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fundrescuetech.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318663/; classtype:trojan-activity;sid:84181763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318664)"; flow:established,from_client; content:"GET"; http_method; content:"/xbcer4er3/sonic"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fundrescuetech.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318664/; classtype:trojan-activity;sid:84181764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318596)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"44.193.202.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318596/; classtype:trojan-activity;sid:84181696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318591)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.37.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318591/; classtype:trojan-activity;sid:84181691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318527)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.107.136.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318527/; classtype:trojan-activity;sid:84181627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318523)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"180.76.138.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318523/; classtype:trojan-activity;sid:84181623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318502)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.37.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318502/; classtype:trojan-activity;sid:84181602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318309)"; flow:established,from_client; content:"GET"; http_method; content:"/khangdz1801/raw/refs/heads/main/sound.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318309/; classtype:trojan-activity;sid:84181409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318199)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.elf"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.102.210.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318199/; classtype:trojan-activity;sid:84181299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318198)"; flow:established,from_client; content:"GET"; http_method; content:"/anquangou.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.102.210.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318198/; classtype:trojan-activity;sid:84181298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318193)"; flow:established,from_client; content:"GET"; http_method; content:"/qqbg.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"39.102.210.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318193/; classtype:trojan-activity;sid:84181293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318194)"; flow:established,from_client; content:"GET"; http_method; content:"/notepad++.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.102.210.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318194/; classtype:trojan-activity;sid:84181294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318195)"; flow:established,from_client; content:"GET"; http_method; content:"/defender.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"39.102.210.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318195/; classtype:trojan-activity;sid:84181295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318147)"; flow:established,from_client; content:"GET"; http_method; content:"/grim_steak"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"159.100.17.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318147/; classtype:trojan-activity;sid:84181247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318146)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.100.17.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318146/; classtype:trojan-activity;sid:84181246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318144)"; flow:established,from_client; content:"GET"; http_method; content:"/netshhelper.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"159.100.17.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318144/; classtype:trojan-activity;sid:84181244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318145)"; flow:established,from_client; content:"GET"; http_method; content:"/agent"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.100.17.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3318145/; classtype:trojan-activity;sid:84181245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317638/; classtype:trojan-activity;sid:84180738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317497)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/images/media/thing2"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"divvanews.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317497/; classtype:trojan-activity;sid:84180597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.25.120.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316848/; classtype:trojan-activity;sid:84179948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.249.243.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316272/; classtype:trojan-activity;sid:84179372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.249.243.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316268/; classtype:trojan-activity;sid:84179368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.253.55.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316001/; classtype:trojan-activity;sid:84179101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.42.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3315843/; classtype:trojan-activity;sid:84178943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315252)"; flow:established,from_client; content:"GET"; http_method; content:"/office365/build.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315252/; classtype:trojan-activity;sid:84178352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315253)"; flow:established,from_client; content:"GET"; http_method; content:"/order/purchaseorder.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315253/; classtype:trojan-activity;sid:84178353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315254)"; flow:established,from_client; content:"GET"; http_method; content:"/order/putty.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315254/; classtype:trojan-activity;sid:84178354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312836)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312836/; classtype:trojan-activity;sid:84175936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312827)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312827/; classtype:trojan-activity;sid:84175927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312814)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312814/; classtype:trojan-activity;sid:84175914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312811)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312811/; classtype:trojan-activity;sid:84175911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312791)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312791/; classtype:trojan-activity;sid:84175891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3312792)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3312792/; classtype:trojan-activity;sid:84175892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.87.95.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_28; reference:url, urlhaus.abuse.ch/url/3309665/; classtype:trojan-activity;sid:84172765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3309033)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.107.136.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3309033/; classtype:trojan-activity;sid:84172133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308956)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.107.136.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308956/; classtype:trojan-activity;sid:84172056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308964)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.199.56.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308964/; classtype:trojan-activity;sid:84172064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308929)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.215.27.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308929/; classtype:trojan-activity;sid:84172029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308923)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.215.27.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308923/; classtype:trojan-activity;sid:84172023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308898)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.183.16.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308898/; classtype:trojan-activity;sid:84171998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308894)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.155.74.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308894/; classtype:trojan-activity;sid:84171994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308890)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"111.42.156.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308890/; classtype:trojan-activity;sid:84171990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308883)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308883/; classtype:trojan-activity;sid:84171983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308882)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"159.250.122.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308882/; classtype:trojan-activity;sid:84171982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308880)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.103.126.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308880/; classtype:trojan-activity;sid:84171980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308875)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308875/; classtype:trojan-activity;sid:84171975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308870)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"96.250.166.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308870/; classtype:trojan-activity;sid:84171970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308860)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.137.108.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308860/; classtype:trojan-activity;sid:84171960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308859)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.210.138.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308859/; classtype:trojan-activity;sid:84171959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308847)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.26.174.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308847/; classtype:trojan-activity;sid:84171947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308798)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1idr9p3dgxkblhu7h4jckclzmtlibwsiw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308798/; classtype:trojan-activity;sid:84171898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308461)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y0"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308461/; classtype:trojan-activity;sid:84171561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308462)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y3"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308462/; classtype:trojan-activity;sid:84171562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308464)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y2"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308464/; classtype:trojan-activity;sid:84171564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308465)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308465/; classtype:trojan-activity;sid:84171565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3305535)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.185.23.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_26; reference:url, urlhaus.abuse.ch/url/3305535/; classtype:trojan-activity;sid:84168635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3304026)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.109.209.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3304026/; classtype:trojan-activity;sid:84167126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303818)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hkvynldkcbdd50_bsw3s9tk5elbduxtg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303818/; classtype:trojan-activity;sid:84166918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303092)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.6.12.230"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_24; reference:url, urlhaus.abuse.ch/url/3303092/; classtype:trojan-activity;sid:84166192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3301629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.134.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_24; reference:url, urlhaus.abuse.ch/url/3301629/; classtype:trojan-activity;sid:84164729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300881)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/y.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300881/; classtype:trojan-activity;sid:84163981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300394)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/dcm/refs/heads/main/document.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300394/; classtype:trojan-activity;sid:84163494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300390)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/pasrem13.txt"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300390/; classtype:trojan-activity;sid:84163490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300391)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/nov13"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300391/; classtype:trojan-activity;sid:84163491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300392)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/rmspas.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300392/; classtype:trojan-activity;sid:84163492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300382)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/test.xll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300382/; classtype:trojan-activity;sid:84163482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300383)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/xclien.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300383/; classtype:trojan-activity;sid:84163483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300386)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/xeno"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300386/; classtype:trojan-activity;sid:84163486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300387)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/ud.bat"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300387/; classtype:trojan-activity;sid:84163487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300377)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/t.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300377/; classtype:trojan-activity;sid:84163477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300378)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/template.dotm"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300378/; classtype:trojan-activity;sid:84163478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300373)"; flow:established,from_client; content:"GET"; http_method; content:"/elpastor24/shilajit2/refs/heads/main/xxx"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300373/; classtype:trojan-activity;sid:84163473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300374)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/doadmin.png"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300374/; classtype:trojan-activity;sid:84163474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300375)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/steamerx.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300375/; classtype:trojan-activity;sid:84163475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300376)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/justpoc.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300376/; classtype:trojan-activity;sid:84163476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300371)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/u.xls"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300371/; classtype:trojan-activity;sid:84163471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300372)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/scriptlet"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300372/; classtype:trojan-activity;sid:84163472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300068)"; flow:established,from_client; content:"GET"; http_method; content:"/es.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pub-cdd0dd27ae6a4aee9841d397e0496374.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3300068/; classtype:trojan-activity;sid:84163168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300064)"; flow:established,from_client; content:"GET"; http_method; content:"/faturas.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pub-92c456788ff540628e0e809709842c78.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3300064/; classtype:trojan-activity;sid:84163164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299053)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.166.231.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299053/; classtype:trojan-activity;sid:84162153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298233)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298233/; classtype:trojan-activity;sid:84161333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298219)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/raw/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298219/; classtype:trojan-activity;sid:84161319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298207)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/dcm/raw/refs/heads/main/document.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298207/; classtype:trojan-activity;sid:84161307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298205)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/raw/refs/heads/main/u.xls"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298205/; classtype:trojan-activity;sid:84161305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.253.55.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297816/; classtype:trojan-activity;sid:84160916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297750)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/nube-f5f04.appspot.com/o/ansy.txt|3f|alt=media|7c|26|7c|token=703d87ea-0284-408f-b949-21b01138d2a5"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297750/; classtype:trojan-activity;sid:84160850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.208.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297335/; classtype:trojan-activity;sid:84160435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.253.55.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297290/; classtype:trojan-activity;sid:84160390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297269)"; flow:established,from_client; content:"GET"; http_method; content:"/wl_tp_extend_app_v1.0.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.42.31.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297269/; classtype:trojan-activity;sid:84160369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297261)"; flow:established,from_client; content:"GET"; http_method; content:"/wl_upgrade_new.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"106.42.31.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297261/; classtype:trojan-activity;sid:84160361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297247)"; flow:established,from_client; content:"GET"; http_method; content:"/my_upgrade_new.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"106.42.31.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297247/; classtype:trojan-activity;sid:84160347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297245)"; flow:established,from_client; content:"GET"; http_method; content:"/wait.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"106.42.31.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297245/; classtype:trojan-activity;sid:84160345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297067)"; flow:established,from_client; content:"GET"; http_method; content:"/api/files/y2neibvzn"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"api.ewfiles.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297067/; classtype:trojan-activity;sid:84160167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297053)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297053/; classtype:trojan-activity;sid:84160153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296987)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.174.150.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296987/; classtype:trojan-activity;sid:84160087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.150.42.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296922/; classtype:trojan-activity;sid:84160022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.42.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3296897/; classtype:trojan-activity;sid:84159997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296379)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.160.216.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296379/; classtype:trojan-activity;sid:84159479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296205)"; flow:established,from_client; content:"GET"; http_method; content:"/tsp/d3d10.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"88.209.197.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296205/; classtype:trojan-activity;sid:84159305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.141.245.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295108/; classtype:trojan-activity;sid:84158208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.141.245.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295109/; classtype:trojan-activity;sid:84158209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3295107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.141.245.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3295107/; classtype:trojan-activity;sid:84158207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294915)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow2.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294915/; classtype:trojan-activity;sid:84158015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294914)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294914/; classtype:trojan-activity;sid:84158014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294913)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294913/; classtype:trojan-activity;sid:84158013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294912)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshowa.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294912/; classtype:trojan-activity;sid:84158012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294906)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.218.114.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294906/; classtype:trojan-activity;sid:84158006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294880)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/e7vtebfe2qdfbjt87nvhu/oficio-de-notificaci-n-ejectr-nica-cendo-rama-judicial-de-la-rep-blica-de-colombia.tar.cab.tar.001|3f|rlkey=54p6fzmx3c1eovd1btwzy0re4|7c|26|7c|st=npm5oi4l|7c|26|7c|dl=0"; http_uri; depth:198; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294880/; classtype:trojan-activity;sid:84157980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294879)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/4qoef01jqan8sczprj79o/1oficio-de-notificaci-n-ejectr-nica-cendo-rama-judicial-de-la-rep-blica-de-colombia.tar.cab.tar.001|3f|rlkey=8px38d88qrq4ssw54132v5ke2|7c|26|7c|st=gg5nhz4s|7c|26|7c|dl=0"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294879/; classtype:trojan-activity;sid:84157979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294619)"; flow:established,from_client; content:"GET"; http_method; content:"/noureddine-nt9/rgsdr/raw/refs/heads/main/cheet.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294619/; classtype:trojan-activity;sid:84157719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293584/; classtype:trojan-activity;sid:84156684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293544/; classtype:trojan-activity;sid:84156644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293525)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.33.239.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_17; reference:url, urlhaus.abuse.ch/url/3293525/; classtype:trojan-activity;sid:84156625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293160)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.181.28.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293160/; classtype:trojan-activity;sid:84156260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3293016)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.64.128.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3293016/; classtype:trojan-activity;sid:84156116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.181.114.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_16; reference:url, urlhaus.abuse.ch/url/3292725/; classtype:trojan-activity;sid:84155825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291910)"; flow:established,from_client; content:"GET"; http_method; content:"/3911_wz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"wz.3911.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291910/; classtype:trojan-activity;sid:84155010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291669)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.141.245.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291669/; classtype:trojan-activity;sid:84154769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.126.138.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291525/; classtype:trojan-activity;sid:84154625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290243)"; flow:established,from_client; content:"GET"; http_method; content:"/pro2.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.98.201.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290243/; classtype:trojan-activity;sid:84153343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289875)"; flow:established,from_client; content:"GET"; http_method; content:"/r00ts3c/ddos-rootsec/refs/heads/master/ddos%20scripts/l4/udp/10gbpsudp.py"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289875/; classtype:trojan-activity;sid:84152975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.247.208.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289570/; classtype:trojan-activity;sid:84152670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.208.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289546/; classtype:trojan-activity;sid:84152646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.12.77.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289467/; classtype:trojan-activity;sid:84152567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.255.216.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289466/; classtype:trojan-activity;sid:84152566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.97.36.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289463/; classtype:trojan-activity;sid:84152563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.202.101.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289456/; classtype:trojan-activity;sid:84152556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.39.20.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289458/; classtype:trojan-activity;sid:84152558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289004)"; flow:established,from_client; content:"GET"; http_method; content:"/clip/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289004/; classtype:trojan-activity;sid:84152104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.151.133.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289001/; classtype:trojan-activity;sid:84152101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.21.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288922/; classtype:trojan-activity;sid:84152022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.180.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288919/; classtype:trojan-activity;sid:84152019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.58.80.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288305/; classtype:trojan-activity;sid:84151405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.42.55.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288299/; classtype:trojan-activity;sid:84151399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.64.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288303/; classtype:trojan-activity;sid:84151403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.183.9.88"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3288297/; classtype:trojan-activity;sid:84151397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287699)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.137.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287699/; classtype:trojan-activity;sid:84150799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.201.197.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287647/; classtype:trojan-activity;sid:84150747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287639/; classtype:trojan-activity;sid:84150739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.171.188.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287640/; classtype:trojan-activity;sid:84150740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287641/; classtype:trojan-activity;sid:84150741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287642/; classtype:trojan-activity;sid:84150742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287643/; classtype:trojan-activity;sid:84150743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.233.95.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287644/; classtype:trojan-activity;sid:84150744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.166.191.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287645/; classtype:trojan-activity;sid:84150745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.121.12.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287632/; classtype:trojan-activity;sid:84150732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.127.218.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287636/; classtype:trojan-activity;sid:84150736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287637/; classtype:trojan-activity;sid:84150737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287459)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.8.81.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287459/; classtype:trojan-activity;sid:84150559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.20.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286969/; classtype:trojan-activity;sid:84150069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.73.64.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286828/; classtype:trojan-activity;sid:84149928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286821/; classtype:trojan-activity;sid:84149921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.73.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286822/; classtype:trojan-activity;sid:84149922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286695)"; flow:established,from_client; content:"GET"; http_method; content:"/amidaware/rmmagent/releases/download/v2.8.0/tacticalagent-v2.8.0-windows-amd64.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286695/; classtype:trojan-activity;sid:84149795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286583)"; flow:established,from_client; content:"GET"; http_method; content:"/sistemas/archivos/unico-venta3401005.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"www.flechabusretiro.com.ar"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286583/; classtype:trojan-activity;sid:84149683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286518)"; flow:established,from_client; content:"GET"; http_method; content:"/kzxiaopeng2/kuaizip_setup_-808202126_xiaopeng2_001.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"d.kpzip.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286518/; classtype:trojan-activity;sid:84149618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286514)"; flow:established,from_client; content:"GET"; http_method; content:"/download/xiaohu.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"110.40.51.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286514/; classtype:trojan-activity;sid:84149614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286510)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/autoupdate.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"103.167.89.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286510/; classtype:trojan-activity;sid:84149610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.70.244.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286371/; classtype:trojan-activity;sid:84149471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.212.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286370/; classtype:trojan-activity;sid:84149470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"132.255.117.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286368/; classtype:trojan-activity;sid:84149468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.160.164.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286361/; classtype:trojan-activity;sid:84149461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286204)"; flow:established,from_client; content:"GET"; http_method; content:"/dutch.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286204/; classtype:trojan-activity;sid:84149304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286205)"; flow:established,from_client; content:"GET"; http_method; content:"/1010.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286205/; classtype:trojan-activity;sid:84149305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286206)"; flow:established,from_client; content:"GET"; http_method; content:"/xt.png"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286206/; classtype:trojan-activity;sid:84149306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286207)"; flow:established,from_client; content:"GET"; http_method; content:"/gold.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286207/; classtype:trojan-activity;sid:84149307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286208)"; flow:established,from_client; content:"GET"; http_method; content:"/oldxteam.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286208/; classtype:trojan-activity;sid:84149308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286209)"; flow:established,from_client; content:"GET"; http_method; content:"/sae.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.26.192.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286209/; classtype:trojan-activity;sid:84149309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286096)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ha7dur10.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286096/; classtype:trojan-activity;sid:84149196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286094)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gaozw40v.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286094/; classtype:trojan-activity;sid:84149194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286095)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/41m98slk.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286095/; classtype:trojan-activity;sid:84149195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286093)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/88851n80.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286093/; classtype:trojan-activity;sid:84149193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286091)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/99awhy8l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286091/; classtype:trojan-activity;sid:84149191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286090)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2r61ahry.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286090/; classtype:trojan-activity;sid:84149190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286088)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/cred64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286088/; classtype:trojan-activity;sid:84149188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286089)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286089/; classtype:trojan-activity;sid:84149189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286087)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/clip.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286087/; classtype:trojan-activity;sid:84149187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286086)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/clip64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286086/; classtype:trojan-activity;sid:84149186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286067)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/main/shellcode.bin"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286067/; classtype:trojan-activity;sid:84149167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286065)"; flow:established,from_client; content:"GET"; http_method; content:"/showqa/xt/refs/heads/main/shellcodeany.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286065/; classtype:trojan-activity;sid:84149165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286058)"; flow:established,from_client; content:"GET"; http_method; content:"/showqa/xt/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286058/; classtype:trojan-activity;sid:84149158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.79.113.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3285683/; classtype:trojan-activity;sid:84148783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.162.59.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285433/; classtype:trojan-activity;sid:84148533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284809)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ohtie89k.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284809/; classtype:trojan-activity;sid:84147909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284805)"; flow:established,from_client; content:"GET"; http_method; content:"/lego/ama.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284805/; classtype:trojan-activity;sid:84147905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284802)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/88aext0k.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284802/; classtype:trojan-activity;sid:84147902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284803)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ji2xlo1f.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284803/; classtype:trojan-activity;sid:84147903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284801)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe|3f|9i/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284801/; classtype:trojan-activity;sid:84147901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284800)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/sgx4824p.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284800/; classtype:trojan-activity;sid:84147900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284799)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bqkriy6l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284799/; classtype:trojan-activity;sid:84147899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284798)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/7cl16anh.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284798/; classtype:trojan-activity;sid:84147898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284797)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/uctgkfb7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284797/; classtype:trojan-activity;sid:84147897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284785)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284785/; classtype:trojan-activity;sid:84147885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284781)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284781/; classtype:trojan-activity;sid:84147881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284773)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284773/; classtype:trojan-activity;sid:84147873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284769)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284769/; classtype:trojan-activity;sid:84147869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284766)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284766/; classtype:trojan-activity;sid:84147866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284758)"; flow:established,from_client; content:"GET"; http_method; content:"/68b591d6548ec281/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.215.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284758/; classtype:trojan-activity;sid:84147858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284749)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/f86nrrc6.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284749/; classtype:trojan-activity;sid:84147849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284404)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.89.112.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284404/; classtype:trojan-activity;sid:84147504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284173)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/clip64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284173/; classtype:trojan-activity;sid:84147273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3284172)"; flow:established,from_client; content:"GET"; http_method; content:"/fru7nk9/plugins/clip.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3284172/; classtype:trojan-activity;sid:84147272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283570)"; flow:established,from_client; content:"GET"; http_method; content:"/readme/glued.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"armanayegh.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283570/; classtype:trojan-activity;sid:84146670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3283560)"; flow:established,from_client; content:"GET"; http_method; content:"/readme/bin.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"armanayegh.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_09; reference:url, urlhaus.abuse.ch/url/3283560/; classtype:trojan-activity;sid:84146660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3282120)"; flow:established,from_client; content:"GET"; http_method; content:"/mysql.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3282120/; classtype:trojan-activity;sid:84145220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281714)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/obfuscatedps/dccuac.ps1"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281714/; classtype:trojan-activity;sid:84144814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281578)"; flow:established,from_client; content:"GET"; http_method; content:"/maxz/update/client/client.exe.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.174.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281578/; classtype:trojan-activity;sid:84144678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281577)"; flow:established,from_client; content:"GET"; http_method; content:"/maxz/update/client/dsetup.dll.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.174.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281577/; classtype:trojan-activity;sid:84144677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.100.63.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281415/; classtype:trojan-activity;sid:84144515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281085)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281085/; classtype:trojan-activity;sid:84144185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280713)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/main/arm7"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280713/; classtype:trojan-activity;sid:84143813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280680)"; flow:established,from_client; content:"GET"; http_method; content:"/fiies/stormfn-launcher/raw/refs/heads/main/stormfn-launcher.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280680/; classtype:trojan-activity;sid:84143780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280217)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.4.36.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280217/; classtype:trojan-activity;sid:84143317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280205)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.24.38.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280205/; classtype:trojan-activity;sid:84143305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280151)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.100.70.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280151/; classtype:trojan-activity;sid:84143251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279845)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe|3f|9i"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279845/; classtype:trojan-activity;sid:84142945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279844)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/random.exe|3f|y"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3279844/; classtype:trojan-activity;sid:84142944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279353)"; flow:established,from_client; content:"GET"; http_method; content:"/xavieprowel/crispy-palm-tree/releases/download/1/3e3ev3.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279353/; classtype:trojan-activity;sid:84142453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278974)"; flow:established,from_client; content:"GET"; http_method; content:"/cdb.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278974/; classtype:trojan-activity;sid:84142074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278970)"; flow:established,from_client; content:"GET"; http_method; content:"/c.bin"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278970/; classtype:trojan-activity;sid:84142070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278965)"; flow:established,from_client; content:"GET"; http_method; content:"/calc.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278965/; classtype:trojan-activity;sid:84142065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278966)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"downsexv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278966/; classtype:trojan-activity;sid:84142066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278844)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3yh8gdte.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278844/; classtype:trojan-activity;sid:84141944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278826)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jb4w5s2l.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278826/; classtype:trojan-activity;sid:84141926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278828)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/6nteyex7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278828/; classtype:trojan-activity;sid:84141928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278669)"; flow:established,from_client; content:"GET"; http_method; content:"/txdown_disk/%e8%bd%af%e4%bb%b6%e4%bd%bf%e7%94%a8/%e7%bc%ba%e5%a4%b1%e4%b8%8b%e8%bd%bd/plugin.dll"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"disk.accord1key.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278669/; classtype:trojan-activity;sid:84141769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278579)"; flow:established,from_client; content:"GET"; http_method; content:"/felikzig/wdt/refs/heads/main/collosalloader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278579/; classtype:trojan-activity;sid:84141679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278577)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/refs/heads/main/2klz.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278577/; classtype:trojan-activity;sid:84141677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278578)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/refs/heads/main/runtimebroker.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278578/; classtype:trojan-activity;sid:84141678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278573)"; flow:established,from_client; content:"GET"; http_method; content:"/ciphershld/ms-p-1a/master/setup%20ms%20p-1a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278573/; classtype:trojan-activity;sid:84141673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278575)"; flow:established,from_client; content:"GET"; http_method; content:"/endity123/fivem-spoofer/main/reaper%20cfx%20spoofer%20v2.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278575/; classtype:trojan-activity;sid:84141675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278576)"; flow:established,from_client; content:"GET"; http_method; content:"/minecradt/regdelete/readme-edits/hell9o.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278576/; classtype:trojan-activity;sid:84141676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278566)"; flow:established,from_client; content:"GET"; http_method; content:"/unix-cmd/dev/main/discord.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278566/; classtype:trojan-activity;sid:84141666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278567)"; flow:established,from_client; content:"GET"; http_method; content:"/openpeach/dotnetfx_cleanup_tool/refs/heads/master/cleanup_tool.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278567/; classtype:trojan-activity;sid:84141667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278571)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"download-winsdownload-wins.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278571/; classtype:trojan-activity;sid:84141671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278559)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidisigmer/fncleanerv2/releases/download/cleanerv2/cleanerv2.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278559/; classtype:trojan-activity;sid:84141659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278560)"; flow:established,from_client; content:"GET"; http_method; content:"/sleepysnz/skibidi/archive/refs/heads/main.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278560/; classtype:trojan-activity;sid:84141660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278558)"; flow:established,from_client; content:"GET"; http_method; content:"/bonsko216/1/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278558/; classtype:trojan-activity;sid:84141658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278361)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=17hv9-3t2ilikbmcfql2z66ipd72x4mz7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278361/; classtype:trojan-activity;sid:84141461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278044)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/j4vzzuai.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278044/; classtype:trojan-activity;sid:84141144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.134.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278043/; classtype:trojan-activity;sid:84141143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.134.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278019/; classtype:trojan-activity;sid:84141119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276956)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"216.201.80.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276956/; classtype:trojan-activity;sid:84140056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276896)"; flow:established,from_client; content:"GET"; http_method; content:"/loistupidpet/sfdawsdawdaw/main/serials_checker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276896/; classtype:trojan-activity;sid:84139996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276853)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/-/raw/main/xclient.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276853/; classtype:trojan-activity;sid:84139953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276854)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot2/raw/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276854/; classtype:trojan-activity;sid:84139954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276855)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/htt/raw/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276855/; classtype:trojan-activity;sid:84139955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276842)"; flow:established,from_client; content:"GET"; http_method; content:"/bodyblazexaa/dll/raw/main/xclient.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276842/; classtype:trojan-activity;sid:84139942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276845)"; flow:established,from_client; content:"GET"; http_method; content:"/makslalp123/rakdj213/raw/master/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276845/; classtype:trojan-activity;sid:84139945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276847)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/raw/main/xclient.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276847/; classtype:trojan-activity;sid:84139947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276848)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot1/raw/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276848/; classtype:trojan-activity;sid:84139948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276839)"; flow:established,from_client; content:"GET"; http_method; content:"/bodyblazexaa/dll/raw/main/xclient.exe/"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276839/; classtype:trojan-activity;sid:84139939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276833)"; flow:established,from_client; content:"GET"; http_method; content:"/makslalp123/rakdj213/raw/master/xclient.exe/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276833/; classtype:trojan-activity;sid:84139933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276829)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot1/raw/refs/heads/main/xclient.exe/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276829/; classtype:trojan-activity;sid:84139929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276831)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/htt/raw/main/xclient.exe/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276831/; classtype:trojan-activity;sid:84139931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276824)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot2/raw/refs/heads/main/xclient.exe/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276824/; classtype:trojan-activity;sid:84139924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276712)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gdn5yfjd.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276712/; classtype:trojan-activity;sid:84139812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276706)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/feb9sxwk.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276706/; classtype:trojan-activity;sid:84139806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276607)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/18ijuw13.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276607/; classtype:trojan-activity;sid:84139707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276414)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kmvcsaed.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276414/; classtype:trojan-activity;sid:84139514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276354)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/7777.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276354/; classtype:trojan-activity;sid:84139454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275784)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/myrdx.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275784/; classtype:trojan-activity;sid:84138884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275661)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1leawzinny0otn692olyowavbzv4iveup"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275661/; classtype:trojan-activity;sid:84138761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275662)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=16z2gvd5s8diouvqouq99hwjk2tfvmiwx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275662/; classtype:trojan-activity;sid:84138762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275658)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-8qpzgr4-iis53p1-kr2-o6prrjmnksk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275658/; classtype:trojan-activity;sid:84138758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275657)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1huotbd1zjmnea4wg46v7jnontoz7cpfk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275657/; classtype:trojan-activity;sid:84138757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275656)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ubqrhziusgl-cn_nie2_udj4qi6qrqsw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275656/; classtype:trojan-activity;sid:84138756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275247)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=162fomrp1wzqrlitdgp2spt1ubzpwj5ox"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275247/; classtype:trojan-activity;sid:84138347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275240)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ikoxnnlvglh6jhnfqkrsihss_p2dqkyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275240/; classtype:trojan-activity;sid:84138340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275241)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1r7oi2jekx0ks1wqpt0ms3_kqvukzy3dv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275241/; classtype:trojan-activity;sid:84138341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3274957/; classtype:trojan-activity;sid:84138057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.23.51.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274647/; classtype:trojan-activity;sid:84137747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.123.89.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274634/; classtype:trojan-activity;sid:84137734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.0.199.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274635/; classtype:trojan-activity;sid:84137735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.41.182.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274607/; classtype:trojan-activity;sid:84137707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.104.33.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274602/; classtype:trojan-activity;sid:84137702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.19.13.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274591/; classtype:trojan-activity;sid:84137691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.226.28.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274592/; classtype:trojan-activity;sid:84137692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274276)"; flow:established,from_client; content:"GET"; http_method; content:"/5.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274276/; classtype:trojan-activity;sid:84137376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274278)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274278/; classtype:trojan-activity;sid:84137378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274246)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274246/; classtype:trojan-activity;sid:84137346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274248)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274248/; classtype:trojan-activity;sid:84137348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274249)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274249/; classtype:trojan-activity;sid:84137349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274250)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274250/; classtype:trojan-activity;sid:84137350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274252)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274252/; classtype:trojan-activity;sid:84137352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274254)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274254/; classtype:trojan-activity;sid:84137354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274255)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274255/; classtype:trojan-activity;sid:84137355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274256)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274256/; classtype:trojan-activity;sid:84137356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274257)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274257/; classtype:trojan-activity;sid:84137357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274261)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274261/; classtype:trojan-activity;sid:84137361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274262)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274262/; classtype:trojan-activity;sid:84137362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274269)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274269/; classtype:trojan-activity;sid:84137369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274271)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"twizthash.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274271/; classtype:trojan-activity;sid:84137371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274064)"; flow:established,from_client; content:"GET"; http_method; content:"/borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274064/; classtype:trojan-activity;sid:84137164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274049)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/main/spoofy.sys"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274049/; classtype:trojan-activity;sid:84137149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274046)"; flow:established,from_client; content:"GET"; http_method; content:"/skarsys/assaultcubecheat/main/spoofy.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274046/; classtype:trojan-activity;sid:84137146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274047)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/refs/heads/main/spoofy.sys"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274047/; classtype:trojan-activity;sid:84137147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274048)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/refs/heads/main/spoofy.sys"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274048/; classtype:trojan-activity;sid:84137148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274002)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274002/; classtype:trojan-activity;sid:84137102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273981)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273981/; classtype:trojan-activity;sid:84137081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273982)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273982/; classtype:trojan-activity;sid:84137082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273983)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273983/; classtype:trojan-activity;sid:84137083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273984)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273984/; classtype:trojan-activity;sid:84137084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273987)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273987/; classtype:trojan-activity;sid:84137087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273989)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273989/; classtype:trojan-activity;sid:84137089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273990)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273990/; classtype:trojan-activity;sid:84137090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273994)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273994/; classtype:trojan-activity;sid:84137094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273996)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273996/; classtype:trojan-activity;sid:84137096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273997)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273997/; classtype:trojan-activity;sid:84137097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273998)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273998/; classtype:trojan-activity;sid:84137098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273999)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273999/; classtype:trojan-activity;sid:84137099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273949)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85-95-173-28.saransk.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273949/; classtype:trojan-activity;sid:84137049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273941)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273941/; classtype:trojan-activity;sid:84137041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273935)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ad/main/gestor%20de%20pedidos.apk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273935/; classtype:trojan-activity;sid:84137035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273937)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ae/main/ready.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273937/; classtype:trojan-activity;sid:84137037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273928)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ad/main/bb.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273928/; classtype:trojan-activity;sid:84137028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273930)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"download-winsdownload-wins.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273930/; classtype:trojan-activity;sid:84137030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273931)"; flow:established,from_client; content:"GET"; http_method; content:"/donw2023/ad/main/ready.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273931/; classtype:trojan-activity;sid:84137031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273911)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273911/; classtype:trojan-activity;sid:84137011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273912)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273912/; classtype:trojan-activity;sid:84137012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273913)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273913/; classtype:trojan-activity;sid:84137013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273914)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273914/; classtype:trojan-activity;sid:84137014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273915)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273915/; classtype:trojan-activity;sid:84137015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273907)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273907/; classtype:trojan-activity;sid:84137007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273908)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273908/; classtype:trojan-activity;sid:84137008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273909)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273909/; classtype:trojan-activity;sid:84137009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273906)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273906/; classtype:trojan-activity;sid:84137006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273903)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273903/; classtype:trojan-activity;sid:84137003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273888)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273888/; classtype:trojan-activity;sid:84136988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273889)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273889/; classtype:trojan-activity;sid:84136989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273408)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ldqj18tn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273408/; classtype:trojan-activity;sid:84136508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273406)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build555.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273406/; classtype:trojan-activity;sid:84136506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273407)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/psfei0ez.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273407/; classtype:trojan-activity;sid:84136507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273403)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/installer.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273403/; classtype:trojan-activity;sid:84136503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273398)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build11.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273398/; classtype:trojan-activity;sid:84136498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273314)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/123.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273314/; classtype:trojan-activity;sid:84136414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273308)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/87f3f2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273308/; classtype:trojan-activity;sid:84136408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273161)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hhnjqu9y.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273161/; classtype:trojan-activity;sid:84136261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273148)"; flow:established,from_client; content:"GET"; http_method; content:"/store/vidar.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273148/; classtype:trojan-activity;sid:84136248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273131)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.95.173.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273131/; classtype:trojan-activity;sid:84136231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272091)"; flow:established,from_client; content:"GET"; http_method; content:"/marcin2123/jjsploit/raw/refs/heads/main/jjsploit_8.10.7_x64-setup.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272091/; classtype:trojan-activity;sid:84135191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272092)"; flow:established,from_client; content:"GET"; http_method; content:"/ordogos2/g575/releases/download/download/setup.7.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272092/; classtype:trojan-activity;sid:84135192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272094)"; flow:established,from_client; content:"GET"; http_method; content:"/marcin2123/jjsploit/refs/heads/main/jjsploit_8.10.7_x64-setup.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272094/; classtype:trojan-activity;sid:84135194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272090)"; flow:established,from_client; content:"GET"; http_method; content:"/marcin2123/jjsploit/refs/heads/main/file_jjsploit"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272090/; classtype:trojan-activity;sid:84135190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272077)"; flow:established,from_client; content:"GET"; http_method; content:"/marcin2123/actualka/refs/heads/main/file"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272077/; classtype:trojan-activity;sid:84135177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272071)"; flow:established,from_client; content:"GET"; http_method; content:"/_files/archives/3a0432_20f7bb04cf594d18b1df2c723ba97835.zip|3f|dn=!%20chromer%20updaters.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"www.rphingenieria.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272071/; classtype:trojan-activity;sid:84135171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272008)"; flow:established,from_client; content:"GET"; http_method; content:"/c3pool7.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"c3poolbat.oss-accelerate.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272008/; classtype:trojan-activity;sid:84135108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272005)"; flow:established,from_client; content:"GET"; http_method; content:"/autoc3pool.bat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c3poolbat.oss-accelerate.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272005/; classtype:trojan-activity;sid:84135105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271922)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injector.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271922/; classtype:trojan-activity;sid:84135022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271925)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271925/; classtype:trojan-activity;sid:84135025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271919)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/ogfn%20updater.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271919/; classtype:trojan-activity;sid:84135019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271920)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/pclient.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271920/; classtype:trojan-activity;sid:84135020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271921)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/kdmapper_release.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271921/; classtype:trojan-activity;sid:84135021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271910)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm7/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271910/; classtype:trojan-activity;sid:84135010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271694)"; flow:established,from_client; content:"GET"; http_method; content:"/rlaz.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271694/; classtype:trojan-activity;sid:84134794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271692)"; flow:established,from_client; content:"GET"; http_method; content:"/vc17x64.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271692/; classtype:trojan-activity;sid:84134792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271691)"; flow:established,from_client; content:"GET"; http_method; content:"/pchunter64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271691/; classtype:trojan-activity;sid:84134791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271689)"; flow:established,from_client; content:"GET"; http_method; content:"/pm3100.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271689/; classtype:trojan-activity;sid:84134789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271681)"; flow:established,from_client; content:"GET"; http_method; content:"/x210.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271681/; classtype:trojan-activity;sid:84134781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271683)"; flow:established,from_client; content:"GET"; http_method; content:"/ydcx.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271683/; classtype:trojan-activity;sid:84134783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271684)"; flow:established,from_client; content:"GET"; http_method; content:"/smb.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271684/; classtype:trojan-activity;sid:84134784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271679)"; flow:established,from_client; content:"GET"; http_method; content:"/rlpb15.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271679/; classtype:trojan-activity;sid:84134779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271680)"; flow:established,from_client; content:"GET"; http_method; content:"/hydkj.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271680/; classtype:trojan-activity;sid:84134780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271675)"; flow:established,from_client; content:"GET"; http_method; content:"/autoruns.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271675/; classtype:trojan-activity;sid:84134775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271673)"; flow:established,from_client; content:"GET"; http_method; content:"/cysoft/winrarx64521sc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271673/; classtype:trojan-activity;sid:84134773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271672)"; flow:established,from_client; content:"GET"; http_method; content:"/hdtune.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271672/; classtype:trojan-activity;sid:84134772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271664)"; flow:established,from_client; content:"GET"; http_method; content:"/wblog.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271664/; classtype:trojan-activity;sid:84134764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271666)"; flow:established,from_client; content:"GET"; http_method; content:"/steam.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271666/; classtype:trojan-activity;sid:84134766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271663)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271663/; classtype:trojan-activity;sid:84134763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271634)"; flow:established,from_client; content:"GET"; http_method; content:"/undertalanted/mod/refs/heads/main/svchost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271634/; classtype:trojan-activity;sid:84134734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271633)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271633/; classtype:trojan-activity;sid:84134733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271632)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a18qqq1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271632/; classtype:trojan-activity;sid:84134732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271630)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271630/; classtype:trojan-activity;sid:84134730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271626)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/tempspooferxx/raw/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271626/; classtype:trojan-activity;sid:84134726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271627)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/sigma-nonrat/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271627/; classtype:trojan-activity;sid:84134727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271628)"; flow:established,from_client; content:"GET"; http_method; content:"/furystorage/api/raw/main/svchost.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271628/; classtype:trojan-activity;sid:84134728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271629)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a15aaa1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271629/; classtype:trojan-activity;sid:84134729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271624)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271624/; classtype:trojan-activity;sid:84134724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271618)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"122.51.183.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271618/; classtype:trojan-activity;sid:84134718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271617)"; flow:established,from_client; content:"GET"; http_method; content:"/regolx1/hadb/refs/heads/main/svchost.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271617/; classtype:trojan-activity;sid:84134717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271614)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/main/svchost.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271614/; classtype:trojan-activity;sid:84134714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271612)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271612/; classtype:trojan-activity;sid:84134712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271613)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/sigma-nonrat/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271613/; classtype:trojan-activity;sid:84134713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271608)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/tempspooferxx/main/svchost.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271608/; classtype:trojan-activity;sid:84134708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271609)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/refs/heads/main/svchost.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271609/; classtype:trojan-activity;sid:84134709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271610)"; flow:established,from_client; content:"GET"; http_method; content:"/media/furystorage/api/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"media.githubusercontent.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271610/; classtype:trojan-activity;sid:84134710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271611)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/refs/heads/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271611/; classtype:trojan-activity;sid:84134711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271605)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271605/; classtype:trojan-activity;sid:84134705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271602)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a12xxx1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271602/; classtype:trojan-activity;sid:84134702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271603)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a19ccc1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271603/; classtype:trojan-activity;sid:84134703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271604)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a18qqq1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271604/; classtype:trojan-activity;sid:84134704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271601)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a23uuu1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271601/; classtype:trojan-activity;sid:84134701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271599)"; flow:established,from_client; content:"GET"; http_method; content:"/user337666/brow666/raw/main/svchost.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271599/; classtype:trojan-activity;sid:84134699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271597)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/thomson101/releases/download/role/svchost.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271597/; classtype:trojan-activity;sid:84134697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271598)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a15aaa1.oss-cn-hongkong.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271598/; classtype:trojan-activity;sid:84134698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271591)"; flow:established,from_client; content:"GET"; http_method; content:"/furystorage/api/raw/main/svchost.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271591/; classtype:trojan-activity;sid:84134691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271594)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271594/; classtype:trojan-activity;sid:84134694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271595)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/tempspooferxx/raw/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271595/; classtype:trojan-activity;sid:84134695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271596)"; flow:established,from_client; content:"GET"; http_method; content:"/heresfilly09-9/fornova/raw/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271596/; classtype:trojan-activity;sid:84134696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271586)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/raw/main/svchost.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271586/; classtype:trojan-activity;sid:84134686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271587)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/raw/refs/heads/main/svchost.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271587/; classtype:trojan-activity;sid:84134687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271588)"; flow:established,from_client; content:"GET"; http_method; content:"/charshop/sigma-nonrat/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271588/; classtype:trojan-activity;sid:84134688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271590)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/raw/refs/heads/main/svchost.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271590/; classtype:trojan-activity;sid:84134690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271366)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/refs/heads/main/extremeinjector.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271366/; classtype:trojan-activity;sid:84134466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271369)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/raw/refs/heads/main/extremeinjector.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271369/; classtype:trojan-activity;sid:84134469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271370)"; flow:established,from_client; content:"GET"; http_method; content:"/stressedb/redengine/main/loader.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271370/; classtype:trojan-activity;sid:84134470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271290)"; flow:established,from_client; content:"GET"; http_method; content:"/-/project/21762009/uploads/c4f32a8d91f0b95a33e7d8a2715f2c1c/slunkcrypt.2024-06-08.windows.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271290/; classtype:trojan-activity;sid:84134390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271206)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/blader-4f96f.appspot.com/o/rem251.txt|3f|alt=media|7c|26|7c|token=c0f99eb2-2f4d-4b6b-8bb6-bdb0e353c395"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271206/; classtype:trojan-activity;sid:84134306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271172)"; flow:established,from_client; content:"GET"; http_method; content:"/aboriginal/downloads/binaries/cross-compiler-m68k.tar.gz"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"landley.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271172/; classtype:trojan-activity;sid:84134272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271005)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/yxrd0ob7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271005/; classtype:trojan-activity;sid:84134105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270748)"; flow:established,from_client; content:"GET"; http_method; content:"/abc3.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270748/; classtype:trojan-activity;sid:84133848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270747)"; flow:established,from_client; content:"GET"; http_method; content:"/abc2.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270747/; classtype:trojan-activity;sid:84133847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270746)"; flow:established,from_client; content:"GET"; http_method; content:"/abc1.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270746/; classtype:trojan-activity;sid:84133846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270744)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270744/; classtype:trojan-activity;sid:84133844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270741)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270741/; classtype:trojan-activity;sid:84133841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270200)"; flow:established,from_client; content:"GET"; http_method; content:"/c3pool/winring0x64.sys"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"c3poolbat2.oss-ap-northeast-1.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270200/; classtype:trojan-activity;sid:84133300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270198)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/edadf5dc5ec04c578e24f68006fad2b4.sys"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270198/; classtype:trojan-activity;sid:84133298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270196)"; flow:established,from_client; content:"GET"; http_method; content:"/novocrm/static/winring0x64.sys"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"118.189.172.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270196/; classtype:trojan-activity;sid:84133296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270193)"; flow:established,from_client; content:"GET"; http_method; content:"/miguel-b-p/..../raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270193/; classtype:trojan-activity;sid:84133293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270185)"; flow:established,from_client; content:"GET"; http_method; content:"/silenthashik/winring/raw/main/winring0x64.sys"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270185/; classtype:trojan-activity;sid:84133285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270186)"; flow:established,from_client; content:"GET"; http_method; content:"/hak333444/xmrig/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270186/; classtype:trojan-activity;sid:84133286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270187)"; flow:established,from_client; content:"GET"; http_method; content:"/irusanov/zenstates-core/raw/master/winring0x64.sys"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270187/; classtype:trojan-activity;sid:84133287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270188)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/blob/master/bin/winring0/winring0x64.sys|3f|raw=true"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270188/; classtype:trojan-activity;sid:84133288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270189)"; flow:established,from_client; content:"GET"; http_method; content:"/so251/olaquerida/releases/download/1releasae/winring0x64.sys"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270189/; classtype:trojan-activity;sid:84133289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270190)"; flow:established,from_client; content:"GET"; http_method; content:"/winring0x64.sys"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mymin11.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270190/; classtype:trojan-activity;sid:84133290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270191)"; flow:established,from_client; content:"GET"; http_method; content:"/jsjsjsc79/advsd/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270191/; classtype:trojan-activity;sid:84133291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270192)"; flow:established,from_client; content:"GET"; http_method; content:"/stickmengamer/idk/raw/main/winring0x64.sys"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270192/; classtype:trojan-activity;sid:84133292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270184)"; flow:established,from_client; content:"GET"; http_method; content:"/abrissyy/min/main/winring0x64.sys"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270184/; classtype:trojan-activity;sid:84133284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270080)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/j86piuq9.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270080/; classtype:trojan-activity;sid:84133180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270079)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bwapp.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270079/; classtype:trojan-activity;sid:84133179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270077)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/0b44ippu.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270077/; classtype:trojan-activity;sid:84133177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270078)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5gevcp8z.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270078/; classtype:trojan-activity;sid:84133178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270075)"; flow:established,from_client; content:"GET"; http_method; content:"/store/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270075/; classtype:trojan-activity;sid:84133175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270076)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/chicken123.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270076/; classtype:trojan-activity;sid:84133176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270073)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dsds.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270073/; classtype:trojan-activity;sid:84133173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270074)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/final.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270074/; classtype:trojan-activity;sid:84133174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270072)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xyaw4fkp.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270072/; classtype:trojan-activity;sid:84133172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270070)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup8.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270070/; classtype:trojan-activity;sid:84133170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270071)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/golden.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270071/; classtype:trojan-activity;sid:84133171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270069)"; flow:established,from_client; content:"GET"; http_method; content:"/test/do.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270069/; classtype:trojan-activity;sid:84133169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270056)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kp8dnpa9.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270056/; classtype:trojan-activity;sid:84133156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270057)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zts.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270057/; classtype:trojan-activity;sid:84133157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270052)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/h5a71wdy.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270052/; classtype:trojan-activity;sid:84133152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269954)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/tn8cdkzn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269954/; classtype:trojan-activity;sid:84133054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269837)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/v7wa24td.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269837/; classtype:trojan-activity;sid:84132937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269831)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/new_v8.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269831/; classtype:trojan-activity;sid:84132931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269827)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rdx123456.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269827/; classtype:trojan-activity;sid:84132927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269828)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gold1234.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269828/; classtype:trojan-activity;sid:84132928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269829)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269829/; classtype:trojan-activity;sid:84132929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269824)"; flow:established,from_client; content:"GET"; http_method; content:"/babadura123/banana/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269824/; classtype:trojan-activity;sid:84132924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269823)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient543/upgraded-sniffle/main/xclient.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269823/; classtype:trojan-activity;sid:84132923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269816)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/capybara_jar/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269816/; classtype:trojan-activity;sid:84132916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269817)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/cripting/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269817/; classtype:trojan-activity;sid:84132917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269818)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/raw/main/xclient.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269818/; classtype:trojan-activity;sid:84132918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269819)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot1/refs/heads/main/xclient.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269819/; classtype:trojan-activity;sid:84132919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269820)"; flow:established,from_client; content:"GET"; http_method; content:"/uspat/capybara_jar/raw/main/xclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269820/; classtype:trojan-activity;sid:84132920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269822)"; flow:established,from_client; content:"GET"; http_method; content:"/babadura123/banana/raw/refs/heads/main/xclient.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269822/; classtype:trojan-activity;sid:84132922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269788)"; flow:established,from_client; content:"GET"; http_method; content:"/makslalp123/rakdj213/master/xclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269788/; classtype:trojan-activity;sid:84132888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269789)"; flow:established,from_client; content:"GET"; http_method; content:"/framzzzzz/dont-use/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269789/; classtype:trojan-activity;sid:84132889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269792)"; flow:established,from_client; content:"GET"; http_method; content:"/bodyblazexaa/dll/main/xclient.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269792/; classtype:trojan-activity;sid:84132892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269795)"; flow:established,from_client; content:"GET"; http_method; content:"/makslalp123/rakdj213/raw/master/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269795/; classtype:trojan-activity;sid:84132895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269796)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot2/raw/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269796/; classtype:trojan-activity;sid:84132896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269798)"; flow:established,from_client; content:"GET"; http_method; content:"/u6iko/do5a/raw/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269798/; classtype:trojan-activity;sid:84132898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269800)"; flow:established,from_client; content:"GET"; http_method; content:"/helelehelafsdf163/batata/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269800/; classtype:trojan-activity;sid:84132900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269802)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot2/refs/heads/main/xclient.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269802/; classtype:trojan-activity;sid:84132902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269803)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulah345/pizdaporc/raw/refs/heads/main/xclient.exe/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269803/; classtype:trojan-activity;sid:84132903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269804)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/-/raw/main/xclient.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269804/; classtype:trojan-activity;sid:84132904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269807)"; flow:established,from_client; content:"GET"; http_method; content:"/smerttb2/xvpn/main/xclient.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269807/; classtype:trojan-activity;sid:84132907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269808)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/-/main/xclient.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269808/; classtype:trojan-activity;sid:84132908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269809)"; flow:established,from_client; content:"GET"; http_method; content:"/bodyblazexaa/dll/raw/main/xclient.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269809/; classtype:trojan-activity;sid:84132909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269810)"; flow:established,from_client; content:"GET"; http_method; content:"/helelehelafsdf163/batata/raw/refs/heads/main/xclient.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269810/; classtype:trojan-activity;sid:84132910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269811)"; flow:established,from_client; content:"GET"; http_method; content:"/minhdmkk6/bot1/raw/refs/heads/main/xclient.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269811/; classtype:trojan-activity;sid:84132911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269813)"; flow:established,from_client; content:"GET"; http_method; content:"/analhacker/htt/raw/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269813/; classtype:trojan-activity;sid:84132913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269785)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulah345/pizdaporc/raw/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269785/; classtype:trojan-activity;sid:84132885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269786)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulah345/pizdaporc/refs/heads/main/xclient.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269786/; classtype:trojan-activity;sid:84132886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269787)"; flow:established,from_client; content:"GET"; http_method; content:"/u6iko/do5a/raw/main/xclient.exe/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269787/; classtype:trojan-activity;sid:84132887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269762)"; flow:established,from_client; content:"GET"; http_method; content:"/jpntr/xworm-v5.2/zip/refs/heads/main"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269762/; classtype:trojan-activity;sid:84132862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269628)"; flow:established,from_client; content:"GET"; http_method; content:"/1337/torrentold-1.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"utorrent-servers.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269628/; classtype:trojan-activity;sid:84132728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269617)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.243.23.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269617/; classtype:trojan-activity;sid:84132717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3268242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_31; reference:url, urlhaus.abuse.ch/url/3268242/; classtype:trojan-activity;sid:84131342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3266091)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulah345/pizdaporc/raw/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3266091/; classtype:trojan-activity;sid:84129191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265958)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uzjwtbh4hcs9i060hwf08hrnymnodugn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265958/; classtype:trojan-activity;sid:84129058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265884)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted25.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265884/; classtype:trojan-activity;sid:84128984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265708/; classtype:trojan-activity;sid:84128808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265182)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.108.142.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_29; reference:url, urlhaus.abuse.ch/url/3265182/; classtype:trojan-activity;sid:84128282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258049)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/rcm_dcdedkd.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258049/; classtype:trojan-activity;sid:84121149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258050)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/rcf_omfnorh.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258050/; classtype:trojan-activity;sid:84121150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258051)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/gpieisb.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258051/; classtype:trojan-activity;sid:84121151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258052)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/fffaemf.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258052/; classtype:trojan-activity;sid:84121152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258053)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/rooahio.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258053/; classtype:trojan-activity;sid:84121153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258054)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/araofkh.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258054/; classtype:trojan-activity;sid:84121154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258055)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/oahinkn.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258055/; classtype:trojan-activity;sid:84121155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258045)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/asy_dffaaep.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258045/; classtype:trojan-activity;sid:84121145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258046)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/iksjbpj.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258046/; classtype:trojan-activity;sid:84121146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258047)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/jaadkfh.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258047/; classtype:trojan-activity;sid:84121147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258048)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/bkpmdom.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258048/; classtype:trojan-activity;sid:84121148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258044)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/igapsme.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258044/; classtype:trojan-activity;sid:84121144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258042)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/domcfbs.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258042/; classtype:trojan-activity;sid:84121142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258043)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/krkmakc.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258043/; classtype:trojan-activity;sid:84121143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258034)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/xwmm_aakkhbm.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258034/; classtype:trojan-activity;sid:84121134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258033)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/refs/heads/main/ifiinms.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258033/; classtype:trojan-activity;sid:84121133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258032)"; flow:established,from_client; content:"GET"; http_method; content:"/caibe/fwga/refs/heads/main/apfjrdf.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258032/; classtype:trojan-activity;sid:84121132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257485)"; flow:established,from_client; content:"GET"; http_method; content:"/networks.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cat.xiaojiji.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257485/; classtype:trojan-activity;sid:84120585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257483)"; flow:established,from_client; content:"GET"; http_method; content:"/data/javaw/winring0x64.sys"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"shangmei-test.oss-cn-beijing.aliyuncs.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257483/; classtype:trojan-activity;sid:84120583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257466)"; flow:established,from_client; content:"GET"; http_method; content:"/networks.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cat.dashabi.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257466/; classtype:trojan-activity;sid:84120566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255220)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zxcv.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255220/; classtype:trojan-activity;sid:84118320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3255222)"; flow:established,from_client; content:"GET"; http_method; content:"/lumma/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3255222/; classtype:trojan-activity;sid:84118322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.233.48.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254671/; classtype:trojan-activity;sid:84117771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254248)"; flow:established,from_client; content:"GET"; http_method; content:"/kdot227/pythonpathfixer/main/main.ps1"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254248/; classtype:trojan-activity;sid:84117348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254247)"; flow:established,from_client; content:"GET"; http_method; content:"/43a1723/test/refs/heads/main/shellcode/loaderclient.ps1"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254247/; classtype:trojan-activity;sid:84117347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254229)"; flow:established,from_client; content:"GET"; http_method; content:"/43a1723/test/releases/download/siu/stub.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254229/; classtype:trojan-activity;sid:84117329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254228)"; flow:established,from_client; content:"GET"; http_method; content:"/kdot227/somalifuscator/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254228/; classtype:trojan-activity;sid:84117328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254226)"; flow:established,from_client; content:"GET"; http_method; content:"/proxyonly/www/raw/main/security.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254226/; classtype:trojan-activity;sid:84117326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254223)"; flow:established,from_client; content:"GET"; http_method; content:"/u6iko/do5a/raw/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254223/; classtype:trojan-activity;sid:84117323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254222)"; flow:established,from_client; content:"GET"; http_method; content:"/robloxdev1223/requirements/raw/main/requirements.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254222/; classtype:trojan-activity;sid:84117322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254220)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/e/raw/refs/heads/main/powershell.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254220/; classtype:trojan-activity;sid:84117320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254039)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254039/; classtype:trojan-activity;sid:84117139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.249.236.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253392/; classtype:trojan-activity;sid:84116492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.249.236.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253376/; classtype:trojan-activity;sid:84116476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253356)"; flow:established,from_client; content:"GET"; http_method; content:"/adapt/cabbage"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"javierlopez.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253356/; classtype:trojan-activity;sid:84116456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3253057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.249.236.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3253057/; classtype:trojan-activity;sid:84116157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252968)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"112.74.184.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252968/; classtype:trojan-activity;sid:84116068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252970)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.210.236.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252970/; classtype:trojan-activity;sid:84116070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252640)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/ps/refs/heads/main/ps.bin"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252640/; classtype:trojan-activity;sid:84115740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252637)"; flow:established,from_client; content:"GET"; http_method; content:"/razidvb/myfiles/refs/heads/main/loader.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252637/; classtype:trojan-activity;sid:84115737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252639)"; flow:established,from_client; content:"GET"; http_method; content:"/zefordk/ikeya/refs/heads/main/shellcodeany.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252639/; classtype:trojan-activity;sid:84115739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252635)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/ps/raw/refs/heads/main/ps.bin"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252635/; classtype:trojan-activity;sid:84115735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252632)"; flow:established,from_client; content:"GET"; http_method; content:"/zefordk/ikeya/raw/refs/heads/main/shellcodeany.bin"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252632/; classtype:trojan-activity;sid:84115732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252634)"; flow:established,from_client; content:"GET"; http_method; content:"/razidvb/myfiles/raw/refs/heads/main/loader.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252634/; classtype:trojan-activity;sid:84115734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252630)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252630/; classtype:trojan-activity;sid:84115730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252488)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/refs/heads/main/mipsel"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252488/; classtype:trojan-activity;sid:84115588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252485)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/refs/heads/main/mips"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252485/; classtype:trojan-activity;sid:84115585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252486)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dhjif/refs/heads/main/armv7l"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252486/; classtype:trojan-activity;sid:84115586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252487)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/ksdeuf/refs/heads/main/animma.sh"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252487/; classtype:trojan-activity;sid:84115587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.87.112.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252200/; classtype:trojan-activity;sid:84115300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3251535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3251535/; classtype:trojan-activity;sid:84114635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250773)"; flow:established,from_client; content:"GET"; http_method; content:"/off/def.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250773/; classtype:trojan-activity;sid:84113873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250050)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_93.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sirault.be"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3250050/; classtype:trojan-activity;sid:84113150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249739)"; flow:established,from_client; content:"GET"; http_method; content:"/img_up/shop_pds/nicehana/client.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"www.xn--on3b15m2lco2u.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249739/; classtype:trojan-activity;sid:84112839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249735)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249735/; classtype:trojan-activity;sid:84112835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249679)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/main/client-built.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249679/; classtype:trojan-activity;sid:84112779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249675)"; flow:established,from_client; content:"GET"; http_method; content:"/quasar/quasar/releases/download/v1.4.1/quasar.v1.4.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249675/; classtype:trojan-activity;sid:84112775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249673)"; flow:established,from_client; content:"GET"; http_method; content:"/blazedbottle/rat/raw/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249673/; classtype:trojan-activity;sid:84112773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249674)"; flow:established,from_client; content:"GET"; http_method; content:"/samllea1/gorebox-modmenu/raw/refs/heads/main/gorebox%20modmenu%201.2.0.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249674/; classtype:trojan-activity;sid:84112774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249671)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/raw/refs/heads/main/2klz.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249671/; classtype:trojan-activity;sid:84112771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249669)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/neverlose-loader/raw/refs/heads/main/neverlose%20loader.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249669/; classtype:trojan-activity;sid:84112769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249662)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/refs/heads/master/rat/njrat.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249662/; classtype:trojan-activity;sid:84112762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3247566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_21; reference:url, urlhaus.abuse.ch/url/3247566/; classtype:trojan-activity;sid:84110666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246076)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"134.122.176.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246076/; classtype:trojan-activity;sid:84109176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246057)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.37.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246057/; classtype:trojan-activity;sid:84109157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246018)"; flow:established,from_client; content:"GET"; http_method; content:"/mestalic/site/refs/heads/main/file.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246018/; classtype:trojan-activity;sid:84109118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245772)"; flow:established,from_client; content:"GET"; http_method; content:"/sample.hta"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245772/; classtype:trojan-activity;sid:84108872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245755)"; flow:established,from_client; content:"GET"; http_method; content:"/kuwaitsetuphockey.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245755/; classtype:trojan-activity;sid:84108855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245756)"; flow:established,from_client; content:"GET"; http_method; content:"/officialsevaluationold.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245756/; classtype:trojan-activity;sid:84108856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245737)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.252.159.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245737/; classtype:trojan-activity;sid:84108837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245733)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.152.219.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245733/; classtype:trojan-activity;sid:84108833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245553)"; flow:established,from_client; content:"GET"; http_method; content:"/fotonview.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245553/; classtype:trojan-activity;sid:84108653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245551)"; flow:established,from_client; content:"GET"; http_method; content:"/cameracomponent.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245551/; classtype:trojan-activity;sid:84108651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245550)"; flow:established,from_client; content:"GET"; http_method; content:"/evaluation.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245550/; classtype:trojan-activity;sid:84108650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245480)"; flow:established,from_client; content:"GET"; http_method; content:"/luma/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245480/; classtype:trojan-activity;sid:84108580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245479)"; flow:established,from_client; content:"GET"; http_method; content:"/off/random.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245479/; classtype:trojan-activity;sid:84108579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245463)"; flow:established,from_client; content:"GET"; http_method; content:"/hs.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245463/; classtype:trojan-activity;sid:84108563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245459)"; flow:established,from_client; content:"GET"; http_method; content:"/kg.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245459/; classtype:trojan-activity;sid:84108559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245458)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245458/; classtype:trojan-activity;sid:84108558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245074/; classtype:trojan-activity;sid:84108174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243505)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/creal.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243505/; classtype:trojan-activity;sid:84106605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243502)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/setup.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243502/; classtype:trojan-activity;sid:84106602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243499)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svchost.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243499/; classtype:trojan-activity;sid:84106599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243497)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/qqq.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243497/; classtype:trojan-activity;sid:84106597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243489)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/soft.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243489/; classtype:trojan-activity;sid:84106589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243486)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/main.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243486/; classtype:trojan-activity;sid:84106586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243482)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/splwow64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243482/; classtype:trojan-activity;sid:84106582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243479)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kill.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243479/; classtype:trojan-activity;sid:84106579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243478)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dcratbuild.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243478/; classtype:trojan-activity;sid:84106578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243469)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/soft2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243469/; classtype:trojan-activity;sid:84106569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243464)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/edge.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243464/; classtype:trojan-activity;sid:84106564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243455)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/frap.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243455/; classtype:trojan-activity;sid:84106555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243456)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ovrflw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243456/; classtype:trojan-activity;sid:84106556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243452)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummnew.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243452/; classtype:trojan-activity;sid:84106552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243445)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xt.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243445/; classtype:trojan-activity;sid:84106545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243448)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxl.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243448/; classtype:trojan-activity;sid:84106548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243442)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/launcher.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243442/; classtype:trojan-activity;sid:84106542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243443)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cc2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243443/; classtype:trojan-activity;sid:84106543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243432)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hashed.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243432/; classtype:trojan-activity;sid:84106532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243431)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/probnik.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243431/; classtype:trojan-activity;sid:84106531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243412)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winx86.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243412/; classtype:trojan-activity;sid:84106512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243407)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ewrvuh.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243407/; classtype:trojan-activity;sid:84106507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243406)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/major.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243406/; classtype:trojan-activity;sid:84106506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243400)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243400/; classtype:trojan-activity;sid:84106500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243393)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/out.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243393/; classtype:trojan-activity;sid:84106493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243388)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cccc2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243388/; classtype:trojan-activity;sid:84106488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243387)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/divinedialogue.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243387/; classtype:trojan-activity;sid:84106487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243383)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cvimelugfq.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243383/; classtype:trojan-activity;sid:84106483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243379)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/file.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243379/; classtype:trojan-activity;sid:84106479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243375)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/12.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243375/; classtype:trojan-activity;sid:84106475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243369)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zzz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243369/; classtype:trojan-activity;sid:84106469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243358)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/dos.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243358/; classtype:trojan-activity;sid:84106458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243351)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newfile.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243351/; classtype:trojan-activity;sid:84106451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243354)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/noll.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243354/; classtype:trojan-activity;sid:84106454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243347)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/shopfree.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243347/; classtype:trojan-activity;sid:84106447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243337)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newbundle.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243337/; classtype:trojan-activity;sid:84106437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243335)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vidar.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243335/; classtype:trojan-activity;sid:84106435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243328)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mk.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243328/; classtype:trojan-activity;sid:84106428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243325)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/neonn.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243325/; classtype:trojan-activity;sid:84106425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243322)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/legas.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243322/; classtype:trojan-activity;sid:84106422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243317)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/prem1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243317/; classtype:trojan-activity;sid:84106417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243313)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/controlledaccesspoint.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243313/; classtype:trojan-activity;sid:84106413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243310)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/processclass.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243310/; classtype:trojan-activity;sid:84106410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243307)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/completestudio.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243307/; classtype:trojan-activity;sid:84106407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243309)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vidsusername.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243309/; classtype:trojan-activity;sid:84106409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243306)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/neon.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243306/; classtype:trojan-activity;sid:84106406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243302)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/loader_5879465914.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243302/; classtype:trojan-activity;sid:84106402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243298)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/onlysteal.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243298/; classtype:trojan-activity;sid:84106398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243290)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/softina.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243290/; classtype:trojan-activity;sid:84106390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243283)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/singerjudy.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243283/; classtype:trojan-activity;sid:84106383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243284)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xm.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243284/; classtype:trojan-activity;sid:84106384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243285)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/def.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243285/; classtype:trojan-activity;sid:84106385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243278)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ai2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243278/; classtype:trojan-activity;sid:84106378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243274)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/exclude.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243274/; classtype:trojan-activity;sid:84106374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243276)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kiyan.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243276/; classtype:trojan-activity;sid:84106376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243273)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/windowsexecutable.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243273/; classtype:trojan-activity;sid:84106373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243272)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/torque.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243272/; classtype:trojan-activity;sid:84106372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243271)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/taskhost.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243271/; classtype:trojan-activity;sid:84106371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243138)"; flow:established,from_client; content:"GET"; http_method; content:"/down/jgevbkn6di30"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"222.187.223.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243138/; classtype:trojan-activity;sid:84106238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243135)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/filekey.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243135/; classtype:trojan-activity;sid:84106235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243134)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/file3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243134/; classtype:trojan-activity;sid:84106234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243133)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/injek3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243133/; classtype:trojan-activity;sid:84106233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243121)"; flow:established,from_client; content:"GET"; http_method; content:"/js/s.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"112.217.207.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243121/; classtype:trojan-activity;sid:84106221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243086)"; flow:established,from_client; content:"GET"; http_method; content:"/update/data/update.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"114.55.106.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243086/; classtype:trojan-activity;sid:84106186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243081)"; flow:established,from_client; content:"GET"; http_method; content:"/download/update.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"110.40.51.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243081/; classtype:trojan-activity;sid:84106181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243082)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0624.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243082/; classtype:trojan-activity;sid:84106182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243079)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/update.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243079/; classtype:trojan-activity;sid:84106179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243077)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0703.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243077/; classtype:trojan-activity;sid:84106177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242983)"; flow:established,from_client; content:"GET"; http_method; content:"/flowseal/zapret-discord-youtube/releases/download/1.1.1/zapret-discord-youtube-1.1.1.rar"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242983/; classtype:trojan-activity;sid:84106083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.151.133.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242916/; classtype:trojan-activity;sid:84106016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.151.133.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242903/; classtype:trojan-activity;sid:84106003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242853)"; flow:established,from_client; content:"GET"; http_method; content:"/get/rtsyboyqu8/aa.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242853/; classtype:trojan-activity;sid:84105953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242854)"; flow:established,from_client; content:"GET"; http_method; content:"/get/tvisnldnvi/ardara.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242854/; classtype:trojan-activity;sid:84105954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242852)"; flow:established,from_client; content:"GET"; http_method; content:"/get/xtfglcmk2k/windowshost.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242852/; classtype:trojan-activity;sid:84105952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242851)"; flow:established,from_client; content:"GET"; http_method; content:"/get/mzocixkcrs/ee.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242851/; classtype:trojan-activity;sid:84105951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242850)"; flow:established,from_client; content:"GET"; http_method; content:"/get/840cpxujvq/w.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"upload.vina-host.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242850/; classtype:trojan-activity;sid:84105950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242663)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack0832.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242663/; classtype:trojan-activity;sid:84105763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242642)"; flow:established,from_client; content:"GET"; http_method; content:"/rishabhkumardeveloper/malware_analysis_using_ml/main/wildfire-test-pe-file.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242642/; classtype:trojan-activity;sid:84105742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242595)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/octus.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242595/; classtype:trojan-activity;sid:84105695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242379)"; flow:established,from_client; content:"GET"; http_method; content:"/s/g7qeilrosjgjeoz/download"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"i0001.clarodrive.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242379/; classtype:trojan-activity;sid:84105479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241764)"; flow:established,from_client; content:"GET"; http_method; content:"/mori-miyako/discord-token-generator/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241764/; classtype:trojan-activity;sid:84104864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241765)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/main/tweaks.7z"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241765/; classtype:trojan-activity;sid:84104865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241756)"; flow:established,from_client; content:"GET"; http_method; content:"/intergate0/none/main/main.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241756/; classtype:trojan-activity;sid:84104856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241754)"; flow:established,from_client; content:"GET"; http_method; content:"/wbrswbrn/awew45/refs/heads/main/nurik.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241754/; classtype:trojan-activity;sid:84104854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241752)"; flow:established,from_client; content:"GET"; http_method; content:"/kntjspr/licensebytes/refs/heads/main/licensemalwarebytes.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241752/; classtype:trojan-activity;sid:84104852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241750)"; flow:established,from_client; content:"GET"; http_method; content:"/dns/pwer"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"main.dsn.ovh"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241750/; classtype:trojan-activity;sid:84104850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241643)"; flow:established,from_client; content:"GET"; http_method; content:"/aavaahanan121/tools/main/fern_wifi_recon%252.34.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241643/; classtype:trojan-activity;sid:84104743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241644)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/refs/heads/main/connector1.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241644/; classtype:trojan-activity;sid:84104744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241637)"; flow:established,from_client; content:"GET"; http_method; content:"/s107000665/c1/master/1223.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241637/; classtype:trojan-activity;sid:84104737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241638)"; flow:established,from_client; content:"GET"; http_method; content:"/iciamyplant/ctf/master/plantrojan.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241638/; classtype:trojan-activity;sid:84104738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241639)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/main/shellcode.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241639/; classtype:trojan-activity;sid:84104739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241640)"; flow:established,from_client; content:"GET"; http_method; content:"/killbillpribil/world-of-tanks/master/world%20of%20tanks.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241640/; classtype:trojan-activity;sid:84104740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241641)"; flow:established,from_client; content:"GET"; http_method; content:"/mach1el/htb-scripts/master/exploit-fuse/shell.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241641/; classtype:trojan-activity;sid:84104741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241642)"; flow:established,from_client; content:"GET"; http_method; content:"/khr0x40sh/whitelistevasion/master/installutil/script.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241642/; classtype:trojan-activity;sid:84104742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241636)"; flow:established,from_client; content:"GET"; http_method; content:"/award.pdf.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"alien-training.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241636/; classtype:trojan-activity;sid:84104736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241559)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/donut.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241559/; classtype:trojan-activity;sid:84104659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241505)"; flow:established,from_client; content:"GET"; http_method; content:"/ffmpeg.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.255.2.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241505/; classtype:trojan-activity;sid:84104605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241367)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241367/; classtype:trojan-activity;sid:84104467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241357)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.37.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241357/; classtype:trojan-activity;sid:84104457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241331)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.200.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241331/; classtype:trojan-activity;sid:84104431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241291)"; flow:established,from_client; content:"GET"; http_method; content:"/key.pem"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241291/; classtype:trojan-activity;sid:84104391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241127)"; flow:established,from_client; content:"GET"; http_method; content:"/justincoding3/slumfun/main/obfuscated.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241127/; classtype:trojan-activity;sid:84104227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241126)"; flow:established,from_client; content:"GET"; http_method; content:"/r00t-3xp10it/redpill/main/utils/compiled.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241126/; classtype:trojan-activity;sid:84104226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241125)"; flow:established,from_client; content:"GET"; http_method; content:"/secwiki/windows-kernel-exploits/master/ms14-068/ms14-068.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241125/; classtype:trojan-activity;sid:84104225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241123)"; flow:established,from_client; content:"GET"; http_method; content:"/prowindows365/hailhydra/refs/heads/main/hailhydra.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241123/; classtype:trojan-activity;sid:84104223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241079)"; flow:established,from_client; content:"GET"; http_method; content:"/mailclone2500/stealer/refs/heads/main/bot2.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241079/; classtype:trojan-activity;sid:84104179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241054)"; flow:established,from_client; content:"GET"; http_method; content:"/43a1723/test/releases/download/siu/stub.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241054/; classtype:trojan-activity;sid:84104154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241055)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241055/; classtype:trojan-activity;sid:84104155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241019)"; flow:established,from_client; content:"GET"; http_method; content:"/gosha1239/onetap/master/onetap.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241019/; classtype:trojan-activity;sid:84104119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241020)"; flow:established,from_client; content:"GET"; http_method; content:"/an0mat/azorult/refs/heads/master/builder.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241020/; classtype:trojan-activity;sid:84104120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241005)"; flow:established,from_client; content:"GET"; http_method; content:"/ricepudding0xl/discordnitrogenerator/main/discordnitrogenerator.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241005/; classtype:trojan-activity;sid:84104105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240999)"; flow:established,from_client; content:"GET"; http_method; content:"/sad-dust/death/main/stealinfo.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240999/; classtype:trojan-activity;sid:84104099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240998)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/main/discordspotifybypass.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240998/; classtype:trojan-activity;sid:84104098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240994)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/raw/main/discordspotifybypass.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240994/; classtype:trojan-activity;sid:84104094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240819)"; flow:established,from_client; content:"GET"; http_method; content:"/redcanaryco/atomic-red-team/master/atomics/t1204.002/bin/test10.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240819/; classtype:trojan-activity;sid:84103919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240813)"; flow:established,from_client; content:"GET"; http_method; content:"/haxork8880/files/main/windowssync.txt.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240813/; classtype:trojan-activity;sid:84103913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240814)"; flow:established,from_client; content:"GET"; http_method; content:"/crjtpp/tpplab_public/main/poc-sample-lnk.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240814/; classtype:trojan-activity;sid:84103914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240812)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerx237/miner/main/my-files.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240812/; classtype:trojan-activity;sid:84103912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240811)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/releases/download/beta_v0.6/all.tweaker.beta.v0.6.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240811/; classtype:trojan-activity;sid:84103911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240810)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/raw/main/tweaks.7z"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240810/; classtype:trojan-activity;sid:84103910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240720)"; flow:established,from_client; content:"GET"; http_method; content:"/dqwr1q23rwdfr/xxx/releases/download/xxx/vital.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240720/; classtype:trojan-activity;sid:84103820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240639)"; flow:established,from_client; content:"GET"; http_method; content:"/mohdjulaya09/code-sparrow-crypter-2.0-private-crack-leak/releases/download/%23crypter/codesparrow.crypter.2.0.crack.rar"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240639/; classtype:trojan-activity;sid:84103739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239707)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x64.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239707/; classtype:trojan-activity;sid:84102807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239678)"; flow:established,from_client; content:"GET"; http_method; content:"/enc.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.253.43.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239678/; classtype:trojan-activity;sid:84102778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239669)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_3.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239669/; classtype:trojan-activity;sid:84102769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239667)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_2.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239667/; classtype:trojan-activity;sid:84102767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239668)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_1.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239668/; classtype:trojan-activity;sid:84102768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239574)"; flow:established,from_client; content:"GET"; http_method; content:"/js/paste.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"112.217.207.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239574/; classtype:trojan-activity;sid:84102674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239543)"; flow:established,from_client; content:"GET"; http_method; content:"/website1/all/recoverview.txt"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"xemhang.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239543/; classtype:trojan-activity;sid:84102643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238593)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrp.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238593/; classtype:trojan-activity;sid:84101693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238540)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/onedrive.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238540/; classtype:trojan-activity;sid:84101640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238242)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/zip/refs/heads/main"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238242/; classtype:trojan-activity;sid:84101342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238111)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/js/info2r.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"188.81.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238111/; classtype:trojan-activity;sid:84101211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238082)"; flow:established,from_client; content:"GET"; http_method; content:"/nakuss/erth/main/wenzcord.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238082/; classtype:trojan-activity;sid:84101182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238084)"; flow:established,from_client; content:"GET"; http_method; content:"/python312/rusty-dropper/main/client-built.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238084/; classtype:trojan-activity;sid:84101184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238073)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/main/fast%20download.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238073/; classtype:trojan-activity;sid:84101173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238074)"; flow:established,from_client; content:"GET"; http_method; content:"/imaeewy/test-rat-do-not-download-exe/refs/heads/main/discord.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238074/; classtype:trojan-activity;sid:84101174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238076)"; flow:established,from_client; content:"GET"; http_method; content:"/therealastro666/lolz/main/built.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238076/; classtype:trojan-activity;sid:84101176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238078)"; flow:established,from_client; content:"GET"; http_method; content:"/raz233/rgdgdrg/main/client.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238078/; classtype:trojan-activity;sid:84101178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238079)"; flow:established,from_client; content:"GET"; http_method; content:"/aspdasdksa2/callback/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238079/; classtype:trojan-activity;sid:84101179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238066)"; flow:established,from_client; content:"GET"; http_method; content:"/paketpk/trojan/main/njsilent.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238066/; classtype:trojan-activity;sid:84101166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238067)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/main/svhost.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238067/; classtype:trojan-activity;sid:84101167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238068)"; flow:established,from_client; content:"GET"; http_method; content:"/bublegumle/r32r32/master/server.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238068/; classtype:trojan-activity;sid:84101168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238069)"; flow:established,from_client; content:"GET"; http_method; content:"/monkey958/sdasd/main/856.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238069/; classtype:trojan-activity;sid:84101169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238070)"; flow:established,from_client; content:"GET"; http_method; content:"/proltop1/popka/master/svchost.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238070/; classtype:trojan-activity;sid:84101170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238064)"; flow:established,from_client; content:"GET"; http_method; content:"/fortnitebott/spfnll/main/spofrln.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238064/; classtype:trojan-activity;sid:84101164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238061)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/main/444.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238061/; classtype:trojan-activity;sid:84101161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238062)"; flow:established,from_client; content:"GET"; http_method; content:"/kees5462/this-is-a-roblox-external-cheat-best-one-out-there/refs/heads/main/java32.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238062/; classtype:trojan-activity;sid:84101162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238059)"; flow:established,from_client; content:"GET"; http_method; content:"/xcocgt/priv1/main/testme.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238059/; classtype:trojan-activity;sid:84101159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238058)"; flow:established,from_client; content:"GET"; http_method; content:"/sesafvr/ayo/refs/heads/main/client-built.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238058/; classtype:trojan-activity;sid:84101158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238056)"; flow:established,from_client; content:"GET"; http_method; content:"/impar0/tryyy/main/client.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238056/; classtype:trojan-activity;sid:84101156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238057)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/main/bloxflip%20predictor.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238057/; classtype:trojan-activity;sid:84101157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238055)"; flow:established,from_client; content:"GET"; http_method; content:"/visoxc/misterbombastic/main/don/driverhost.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238055/; classtype:trojan-activity;sid:84101155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238052)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptskiddy/remoteadmintool/master/trojan.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238052/; classtype:trojan-activity;sid:84101152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238054)"; flow:established,from_client; content:"GET"; http_method; content:"/pyxe1/sheesh/9e641bf9dd97a738f11f4b212603758cd9861f27/plswork.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238054/; classtype:trojan-activity;sid:84101154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238050)"; flow:established,from_client; content:"GET"; http_method; content:"/re9neyt/goodfrag-mh-counter-strike-global-offensive-/master/goodfrag.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238050/; classtype:trojan-activity;sid:84101150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238047)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/main/sentil.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238047/; classtype:trojan-activity;sid:84101147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238048)"; flow:established,from_client; content:"GET"; http_method; content:"/bublegumle/hyh/master/server.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238048/; classtype:trojan-activity;sid:84101148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238045)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/refs/heads/main/njrat.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238045/; classtype:trojan-activity;sid:84101145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238046)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/osiris/refs/heads/main/2klz.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238046/; classtype:trojan-activity;sid:84101146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238041)"; flow:established,from_client; content:"GET"; http_method; content:"/tezx11/imgui/main/runtimebroker.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238041/; classtype:trojan-activity;sid:84101141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238037)"; flow:established,from_client; content:"GET"; http_method; content:"/fhebngndsg/thefunny/main/client-built.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238037/; classtype:trojan-activity;sid:84101137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238031)"; flow:established,from_client; content:"GET"; http_method; content:"/cupofteaa08/autominepermission/main/runtime%20broker.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238031/; classtype:trojan-activity;sid:84101131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238033)"; flow:established,from_client; content:"GET"; http_method; content:"/tiraundercode/rev/main/client-built.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238033/; classtype:trojan-activity;sid:84101133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238027)"; flow:established,from_client; content:"GET"; http_method; content:"/lexazar63/minecraft-client/master/steamdetector.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238027/; classtype:trojan-activity;sid:84101127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238028)"; flow:established,from_client; content:"GET"; http_method; content:"/toxicxz/fnaf-1/main/fusca%20game.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238028/; classtype:trojan-activity;sid:84101128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238023)"; flow:established,from_client; content:"GET"; http_method; content:"/vdlosunbik/steam.upgreyd/master/steam.upgreyd.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238023/; classtype:trojan-activity;sid:84101123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238025)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/main/amogus.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238025/; classtype:trojan-activity;sid:84101125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238021)"; flow:established,from_client; content:"GET"; http_method; content:"/anonam0369/1/main/discord.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238021/; classtype:trojan-activity;sid:84101121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238022)"; flow:established,from_client; content:"GET"; http_method; content:"/krevedko3221/porno/main/mos%20ssssttttt.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238022/; classtype:trojan-activity;sid:84101122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238018)"; flow:established,from_client; content:"GET"; http_method; content:"/gleb221/paki/master/%d0%9f%d0%b0%d0%ba%d0%b8.rar"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238018/; classtype:trojan-activity;sid:84101118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238019)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/spectrum/main/spectrum.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238019/; classtype:trojan-activity;sid:84101119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238015)"; flow:established,from_client; content:"GET"; http_method; content:"/kami32x/discord/refs/heads/main/discord.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238015/; classtype:trojan-activity;sid:84101115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238014)"; flow:established,from_client; content:"GET"; http_method; content:"/pyxe1/sheesh/04f111bc997c01dc4aa6ab035dcb5ff877fc5bbf/client-built.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238014/; classtype:trojan-activity;sid:84101114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238013)"; flow:established,from_client; content:"GET"; http_method; content:"/vampirvikariy/clientn2/master/intro.avi.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238013/; classtype:trojan-activity;sid:84101113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238012)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/main/njrat.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238012/; classtype:trojan-activity;sid:84101112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238008)"; flow:established,from_client; content:"GET"; http_method; content:"/xerussploit/neverlose-loader/refs/heads/main/neverlose%20loader.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238008/; classtype:trojan-activity;sid:84101108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238009)"; flow:established,from_client; content:"GET"; http_method; content:"/supfrezze/jtebez/master/dayum.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238009/; classtype:trojan-activity;sid:84101109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238010)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/main/server1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238010/; classtype:trojan-activity;sid:84101110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238006)"; flow:established,from_client; content:"GET"; http_method; content:"/nxrecxxil/syndicate/main/main.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238006/; classtype:trojan-activity;sid:84101106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237999)"; flow:established,from_client; content:"GET"; http_method; content:"/biseo0/neue/raw/main/client-built.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237999/; classtype:trojan-activity;sid:84101099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237993)"; flow:established,from_client; content:"GET"; http_method; content:"/aspdasdksa2/callback/raw/main/client-built.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237993/; classtype:trojan-activity;sid:84101093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237975)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/blob/master/rat/njrat.exe|3f|raw=true"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237975/; classtype:trojan-activity;sid:84101075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237956)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/umbral-stealer/zip/refs/heads/main"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237956/; classtype:trojan-activity;sid:84101056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237955)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blank-grabber/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237955/; classtype:trojan-activity;sid:84101055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237954)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blankobf/zip/refs/heads/v2"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237954/; classtype:trojan-activity;sid:84101054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237916)"; flow:established,from_client; content:"GET"; http_method; content:"/descargas/ammyy.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"soportegira.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237916/; classtype:trojan-activity;sid:84101016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237889)"; flow:established,from_client; content:"GET"; http_method; content:"/activia/aa_v3.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sfa.com.ar"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237889/; classtype:trojan-activity;sid:84100989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237876)"; flow:established,from_client; content:"GET"; http_method; content:"/aa_v3.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.175.186.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237876/; classtype:trojan-activity;sid:84100976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237861)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/zip/refs/heads/main"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237861/; classtype:trojan-activity;sid:84100961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237856)"; flow:established,from_client; content:"GET"; http_method; content:"/mariolalo/myrec/main/notallowedtocrypt.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237856/; classtype:trojan-activity;sid:84100956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237855)"; flow:established,from_client; content:"GET"; http_method; content:"/yusuf216/sshport/main/evetbeta.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237855/; classtype:trojan-activity;sid:84100955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237849)"; flow:established,from_client; content:"GET"; http_method; content:"/files/host.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"microsoft-analyse.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237849/; classtype:trojan-activity;sid:84100949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237823)"; flow:established,from_client; content:"GET"; http_method; content:"/cfedss/exe/main/solara_protect.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237823/; classtype:trojan-activity;sid:84100923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237810)"; flow:established,from_client; content:"GET"; http_method; content:"/steve824/a/zip/refs/heads/main"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237810/; classtype:trojan-activity;sid:84100910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237796)"; flow:established,from_client; content:"GET"; http_method; content:"/jzmvip/jzmfreetool/main/asyncclient.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237796/; classtype:trojan-activity;sid:84100896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237798)"; flow:established,from_client; content:"GET"; http_method; content:"/jackedmicheal/ccenty/main/crspoofer.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237798/; classtype:trojan-activity;sid:84100898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237803)"; flow:established,from_client; content:"GET"; http_method; content:"/krishnatherock9673/krishna22/main/krishna33.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237803/; classtype:trojan-activity;sid:84100903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237737)"; flow:established,from_client; content:"GET"; http_method; content:"/thebb5th/123/zip/refs/heads/main"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237737/; classtype:trojan-activity;sid:84100837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237464)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_3ozdjl5puad8qn3tipydynn5j7l13el"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237464/; classtype:trojan-activity;sid:84100564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237443)"; flow:established,from_client; content:"GET"; http_method; content:"/new.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237443/; classtype:trojan-activity;sid:84100543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236640)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"60.166.36.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236640/; classtype:trojan-activity;sid:84099740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236597)"; flow:established,from_client; content:"GET"; http_method; content:"/center.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236597/; classtype:trojan-activity;sid:84099697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236587)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"153.37.77.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236587/; classtype:trojan-activity;sid:84099687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236559)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.136.142.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236559/; classtype:trojan-activity;sid:84099659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236485)"; flow:established,from_client; content:"GET"; http_method; content:"/never.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"210.56.13.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236485/; classtype:trojan-activity;sid:84099585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236453)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/powershellscripts/invoke-petitpotam.ps1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236453/; classtype:trojan-activity;sid:84099553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236450)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/x.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.192.128.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236450/; classtype:trojan-activity;sid:84099550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236449)"; flow:established,from_client; content:"GET"; http_method; content:"/mvt/xmrig.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"main.dsn.ovh"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236449/; classtype:trojan-activity;sid:84099549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236324)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xwgl/xw_xxgl.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236324/; classtype:trojan-activity;sid:84099424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236322)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xw_setup.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236322/; classtype:trojan-activity;sid:84099422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236323)"; flow:established,from_client; content:"GET"; http_method; content:"/file/yhy_setup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236323/; classtype:trojan-activity;sid:84099423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236318)"; flow:established,from_client; content:"GET"; http_method; content:"/products/4001/updates/efatura/efatura.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elisans.novayonetim.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236318/; classtype:trojan-activity;sid:84099418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236317)"; flow:established,from_client; content:"GET"; http_method; content:"/dam/software/keygen.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"desquer.ens.uabc.mx"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236317/; classtype:trojan-activity;sid:84099417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236316)"; flow:established,from_client; content:"GET"; http_method; content:"/cs-daili.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dow.andylab.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236316/; classtype:trojan-activity;sid:84099416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236314)"; flow:established,from_client; content:"GET"; http_method; content:"/ipscan.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"file.edunet.ac"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236314/; classtype:trojan-activity;sid:84099414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236313)"; flow:established,from_client; content:"GET"; http_method; content:"/mirdll2.rar"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"dow.andylab.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236313/; classtype:trojan-activity;sid:84099413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236272)"; flow:established,from_client; content:"GET"; http_method; content:"/1skilllauncher/1skilllauncher.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"147.50.240.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236272/; classtype:trojan-activity;sid:84099372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236240)"; flow:established,from_client; content:"GET"; http_method; content:"/services/identification/server/gtptoolsdownloadhandler.ashx|3f|filename=gtp_6_browserplugin_setup.exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"hnjgdl.geps.glodon.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236240/; classtype:trojan-activity;sid:84099340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236238)"; flow:established,from_client; content:"GET"; http_method; content:"/xbyxsv3.94.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.beiletoys.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236238/; classtype:trojan-activity;sid:84099338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236237)"; flow:established,from_client; content:"GET"; http_method; content:"/natgo.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dl.natgo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236237/; classtype:trojan-activity;sid:84099337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236236)"; flow:established,from_client; content:"GET"; http_method; content:"/download/etermproxy.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pid.fly160.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236236/; classtype:trojan-activity;sid:84099336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236230)"; flow:established,from_client; content:"GET"; http_method; content:"/website1/duc/view.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"xemhang.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236230/; classtype:trojan-activity;sid:84099330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236225)"; flow:established,from_client; content:"GET"; http_method; content:"/update/client/update.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"217.15.164.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236225/; classtype:trojan-activity;sid:84099325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236224)"; flow:established,from_client; content:"GET"; http_method; content:"/pdd_biaoge/soft/down.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"49.234.48.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236224/; classtype:trojan-activity;sid:84099324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236215)"; flow:established,from_client; content:"GET"; http_method; content:"/update/client/cabal.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"217.15.164.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236215/; classtype:trojan-activity;sid:84099315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236154)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236154/; classtype:trojan-activity;sid:84099254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235523)"; flow:established,from_client; content:"GET"; http_method; content:"/chainguard-dev/bincapz/archive/refs/tags/v0.5.0.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235523/; classtype:trojan-activity;sid:84098623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235522)"; flow:established,from_client; content:"GET"; http_method; content:"/playmcbkuwu/vape/releases/download/stable/vape.v4.10.from.duckysolucky.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235522/; classtype:trojan-activity;sid:84098622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235514)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235514/; classtype:trojan-activity;sid:84098614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235513)"; flow:established,from_client; content:"GET"; http_method; content:"/meckazin/chromekatz/releases/download/0.4.7/chromekatzbofs.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235513/; classtype:trojan-activity;sid:84098613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235094)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/update.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235094/; classtype:trojan-activity;sid:84098194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235088)"; flow:established,from_client; content:"GET"; http_method; content:"/spoofer.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.141.26.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235088/; classtype:trojan-activity;sid:84098188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235077)"; flow:established,from_client; content:"GET"; http_method; content:"/libcurl.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"coach.028csc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235077/; classtype:trojan-activity;sid:84098177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235061)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/worker.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235061/; classtype:trojan-activity;sid:84098161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234872)"; flow:established,from_client; content:"GET"; http_method; content:"/babskai/vir-s/main/asyncclient.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234872/; classtype:trojan-activity;sid:84097972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234859)"; flow:established,from_client; content:"GET"; http_method; content:"/petikvx/lockbit-black-builder/main/lockbit30/builder.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234859/; classtype:trojan-activity;sid:84097959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234858)"; flow:established,from_client; content:"GET"; http_method; content:"/tennessene/lockbit/refs/heads/main/builder.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234858/; classtype:trojan-activity;sid:84097958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234803)"; flow:established,from_client; content:"GET"; http_method; content:"/crazycoach.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"coach.028csc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234803/; classtype:trojan-activity;sid:84097903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234465)"; flow:established,from_client; content:"GET"; http_method; content:"/right_distribution.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234465/; classtype:trojan-activity;sid:84097565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234464)"; flow:established,from_client; content:"GET"; http_method; content:"/distribution.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234464/; classtype:trojan-activity;sid:84097564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234462)"; flow:established,from_client; content:"GET"; http_method; content:"/xl_ext_chrome.crx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234462/; classtype:trojan-activity;sid:84097562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234460)"; flow:established,from_client; content:"GET"; http_method; content:"/test.pdf.lnk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234460/; classtype:trojan-activity;sid:84097560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234459)"; flow:established,from_client; content:"GET"; http_method; content:"/distribution.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234459/; classtype:trojan-activity;sid:84097559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234458)"; flow:established,from_client; content:"GET"; http_method; content:"/protect_distribution.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"117.72.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234458/; classtype:trojan-activity;sid:84097558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3233069)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"192.162.49.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3233069/; classtype:trojan-activity;sid:84096169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232529)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/utility-inst.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232529/; classtype:trojan-activity;sid:84095629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232530)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/splwow64_1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232530/; classtype:trojan-activity;sid:84095630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232407)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.98.174.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232407/; classtype:trojan-activity;sid:84095507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232401)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.196.237.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232401/; classtype:trojan-activity;sid:84095501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232402)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.32.202.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232402/; classtype:trojan-activity;sid:84095502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231794)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16419615/solara.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231794/; classtype:trojan-activity;sid:84094894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3230243)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.3.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3230243/; classtype:trojan-activity;sid:84093343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229631)"; flow:established,from_client; content:"GET"; http_method; content:"/kamilniftaliev/cryptoview/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229631/; classtype:trojan-activity;sid:84092731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228667)"; flow:established,from_client; content:"GET"; http_method; content:"/winassist/login/login.7z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"win.down.55kantu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228667/; classtype:trojan-activity;sid:84091767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228412)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.0.199.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228412/; classtype:trojan-activity;sid:84091512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226957)"; flow:established,from_client; content:"GET"; http_method; content:"/devmgmt.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.241.17.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226957/; classtype:trojan-activity;sid:84090057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226761)"; flow:established,from_client; content:"GET"; http_method; content:"/second.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"43.241.17.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226761/; classtype:trojan-activity;sid:84089861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226551)"; flow:established,from_client; content:"GET"; http_method; content:"/unmysqld.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"47.238.84.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226551/; classtype:trojan-activity;sid:84089651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226552)"; flow:established,from_client; content:"GET"; http_method; content:"/mariadb.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.238.84.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226552/; classtype:trojan-activity;sid:84089652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226239)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.0/xmrig-6.22.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226239/; classtype:trojan-activity;sid:84089339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225932/; classtype:trojan-activity;sid:84089032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.239.254.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225931/; classtype:trojan-activity;sid:84089031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225928)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.56.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225928/; classtype:trojan-activity;sid:84089028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.188.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225922/; classtype:trojan-activity;sid:84089022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224313)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/unit.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_08; reference:url, urlhaus.abuse.ch/url/3224313/; classtype:trojan-activity;sid:84087413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3224192)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bildnewl.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3224192/; classtype:trojan-activity;sid:84087292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3223989)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/loadnew.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_07; reference:url, urlhaus.abuse.ch/url/3223989/; classtype:trojan-activity;sid:84087089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218033)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.216.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218033/; classtype:trojan-activity;sid:84081133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218030)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.101.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218030/; classtype:trojan-activity;sid:84081130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218022)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218022/; classtype:trojan-activity;sid:84081122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218023)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.56.191.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218023/; classtype:trojan-activity;sid:84081123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218026)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218026/; classtype:trojan-activity;sid:84081126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218027)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218027/; classtype:trojan-activity;sid:84081127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218028)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.132"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218028/; classtype:trojan-activity;sid:84081128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218004)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.145.144.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218004/; classtype:trojan-activity;sid:84081104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.217.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218009/; classtype:trojan-activity;sid:84081109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218001)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218001/; classtype:trojan-activity;sid:84081101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217785)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217785/; classtype:trojan-activity;sid:84080885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217786)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217786/; classtype:trojan-activity;sid:84080886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217787)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217787/; classtype:trojan-activity;sid:84080887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217793)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.232.246.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217793/; classtype:trojan-activity;sid:84080893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.130.160.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217802/; classtype:trojan-activity;sid:84080902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217784)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217784/; classtype:trojan-activity;sid:84080884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217780)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217780/; classtype:trojan-activity;sid:84080880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217763)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.87.117.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217763/; classtype:trojan-activity;sid:84080863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217768)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.144.250.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217768/; classtype:trojan-activity;sid:84080868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217775)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217775/; classtype:trojan-activity;sid:84080875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217776)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217776/; classtype:trojan-activity;sid:84080876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217778)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.221.155.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217778/; classtype:trojan-activity;sid:84080878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217753)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217753/; classtype:trojan-activity;sid:84080853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217754/; classtype:trojan-activity;sid:84080854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217757)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.155.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217757/; classtype:trojan-activity;sid:84080857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217759)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217759/; classtype:trojan-activity;sid:84080859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217760)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217760/; classtype:trojan-activity;sid:84080860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217749)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217749/; classtype:trojan-activity;sid:84080849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217750)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.28.228.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217750/; classtype:trojan-activity;sid:84080850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217745)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217745/; classtype:trojan-activity;sid:84080845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217733)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.171.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217733/; classtype:trojan-activity;sid:84080833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217734)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217734/; classtype:trojan-activity;sid:84080834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217736)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.136.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217736/; classtype:trojan-activity;sid:84080836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217737)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.232.246.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217737/; classtype:trojan-activity;sid:84080837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217738)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217738/; classtype:trojan-activity;sid:84080838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217740)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217740/; classtype:trojan-activity;sid:84080840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217713)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217713/; classtype:trojan-activity;sid:84080813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217716)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217716/; classtype:trojan-activity;sid:84080816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217717)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217717/; classtype:trojan-activity;sid:84080817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217719/; classtype:trojan-activity;sid:84080819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217729)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217729/; classtype:trojan-activity;sid:84080829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217710)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217710/; classtype:trojan-activity;sid:84080810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217711)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.46.47.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217711/; classtype:trojan-activity;sid:84080811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217701)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.92.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217701/; classtype:trojan-activity;sid:84080801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217702)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.19.79.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217702/; classtype:trojan-activity;sid:84080802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217697)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.183.103.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217697/; classtype:trojan-activity;sid:84080797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217698)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.177.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217698/; classtype:trojan-activity;sid:84080798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217692)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.183.103.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217692/; classtype:trojan-activity;sid:84080792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217694)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.177.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217694/; classtype:trojan-activity;sid:84080794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217689/; classtype:trojan-activity;sid:84080789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217681)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.45.183.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217681/; classtype:trojan-activity;sid:84080781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217682)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.45.183.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217682/; classtype:trojan-activity;sid:84080782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217665)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217665/; classtype:trojan-activity;sid:84080765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.12.184.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217669/; classtype:trojan-activity;sid:84080769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217672)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"206.204.128.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217672/; classtype:trojan-activity;sid:84080772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217674/; classtype:trojan-activity;sid:84080774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217661)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217661/; classtype:trojan-activity;sid:84080761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217638)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.161.6.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217638/; classtype:trojan-activity;sid:84080738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217640)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.224.190.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217640/; classtype:trojan-activity;sid:84080740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217625/; classtype:trojan-activity;sid:84080725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.171.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217627/; classtype:trojan-activity;sid:84080727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217628)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.40.25.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217628/; classtype:trojan-activity;sid:84080728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217621/; classtype:trojan-activity;sid:84080721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217618)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217618/; classtype:trojan-activity;sid:84080718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217562)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217562/; classtype:trojan-activity;sid:84080662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217454)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.118.215.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217454/; classtype:trojan-activity;sid:84080554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217426)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217426/; classtype:trojan-activity;sid:84080526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.158.95.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217144/; classtype:trojan-activity;sid:84080244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217140/; classtype:trojan-activity;sid:84080240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.4.51.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217123/; classtype:trojan-activity;sid:84080223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217127/; classtype:trojan-activity;sid:84080227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.110.206.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217129/; classtype:trojan-activity;sid:84080229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.81.127.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217130/; classtype:trojan-activity;sid:84080230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217131/; classtype:trojan-activity;sid:84080231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.20.51.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217132/; classtype:trojan-activity;sid:84080232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217134/; classtype:trojan-activity;sid:84080234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217135/; classtype:trojan-activity;sid:84080235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217136/; classtype:trojan-activity;sid:84080236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.45.130.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217113/; classtype:trojan-activity;sid:84080213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.89.11.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217115/; classtype:trojan-activity;sid:84080215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217092/; classtype:trojan-activity;sid:84080192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217097/; classtype:trojan-activity;sid:84080197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.238.209.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217098/; classtype:trojan-activity;sid:84080198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217101/; classtype:trojan-activity;sid:84080201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217102/; classtype:trojan-activity;sid:84080202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217104/; classtype:trojan-activity;sid:84080204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.189.254.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217106/; classtype:trojan-activity;sid:84080206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217110/; classtype:trojan-activity;sid:84080210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.103.100.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217081/; classtype:trojan-activity;sid:84080181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.101.239.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217082/; classtype:trojan-activity;sid:84080182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217086/; classtype:trojan-activity;sid:84080186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.252.8.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217087/; classtype:trojan-activity;sid:84080187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217088/; classtype:trojan-activity;sid:84080188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217089/; classtype:trojan-activity;sid:84080189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217091/; classtype:trojan-activity;sid:84080191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217069/; classtype:trojan-activity;sid:84080169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.106.221.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217070/; classtype:trojan-activity;sid:84080170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.233.59.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217071/; classtype:trojan-activity;sid:84080171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.135.142.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217072/; classtype:trojan-activity;sid:84080172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217073/; classtype:trojan-activity;sid:84080173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.22.237.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217074/; classtype:trojan-activity;sid:84080174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.237.157.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217045/; classtype:trojan-activity;sid:84080145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217048/; classtype:trojan-activity;sid:84080148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.203.89.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217049/; classtype:trojan-activity;sid:84080149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.119.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217051/; classtype:trojan-activity;sid:84080151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.187.7.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217052/; classtype:trojan-activity;sid:84080152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.202.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217053/; classtype:trojan-activity;sid:84080153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.4.110.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217055/; classtype:trojan-activity;sid:84080155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217056/; classtype:trojan-activity;sid:84080156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217058/; classtype:trojan-activity;sid:84080158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217059/; classtype:trojan-activity;sid:84080159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217061/; classtype:trojan-activity;sid:84080161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217062/; classtype:trojan-activity;sid:84080162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217063/; classtype:trojan-activity;sid:84080163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217064/; classtype:trojan-activity;sid:84080164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217065/; classtype:trojan-activity;sid:84080165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.73.121.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217040/; classtype:trojan-activity;sid:84080140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"159.224.143.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217042/; classtype:trojan-activity;sid:84080142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.192.78.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217043/; classtype:trojan-activity;sid:84080143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217044/; classtype:trojan-activity;sid:84080144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217037/; classtype:trojan-activity;sid:84080137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.25.214.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217035/; classtype:trojan-activity;sid:84080135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.172.187.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217028/; classtype:trojan-activity;sid:84080128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217029/; classtype:trojan-activity;sid:84080129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.251.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217030/; classtype:trojan-activity;sid:84080130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217032/; classtype:trojan-activity;sid:84080132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.223.44.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217033/; classtype:trojan-activity;sid:84080133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.155.176.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217006/; classtype:trojan-activity;sid:84080106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.30.245.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217008/; classtype:trojan-activity;sid:84080108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217009/; classtype:trojan-activity;sid:84080109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217012/; classtype:trojan-activity;sid:84080112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.56.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217016/; classtype:trojan-activity;sid:84080116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.25.133.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217017/; classtype:trojan-activity;sid:84080117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217023/; classtype:trojan-activity;sid:84080123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.190.70.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217025/; classtype:trojan-activity;sid:84080125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217001/; classtype:trojan-activity;sid:84080101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217002/; classtype:trojan-activity;sid:84080102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217003/; classtype:trojan-activity;sid:84080103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217004/; classtype:trojan-activity;sid:84080104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.29.152.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217005/; classtype:trojan-activity;sid:84080105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216967/; classtype:trojan-activity;sid:84080067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216968/; classtype:trojan-activity;sid:84080068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216969/; classtype:trojan-activity;sid:84080069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.0.4.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216970/; classtype:trojan-activity;sid:84080070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216971/; classtype:trojan-activity;sid:84080071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.94.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216973/; classtype:trojan-activity;sid:84080073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216974/; classtype:trojan-activity;sid:84080074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.153.80.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216975/; classtype:trojan-activity;sid:84080075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.155.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216978/; classtype:trojan-activity;sid:84080078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216979/; classtype:trojan-activity;sid:84080079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216980/; classtype:trojan-activity;sid:84080080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.123.53.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216981/; classtype:trojan-activity;sid:84080081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.75.32.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216982/; classtype:trojan-activity;sid:84080082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216986/; classtype:trojan-activity;sid:84080086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.160.128.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216989/; classtype:trojan-activity;sid:84080089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216960/; classtype:trojan-activity;sid:84080060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216961/; classtype:trojan-activity;sid:84080061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.73.75.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216963/; classtype:trojan-activity;sid:84080063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.235.33.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216965/; classtype:trojan-activity;sid:84080065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216956/; classtype:trojan-activity;sid:84080056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.29.137.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216957/; classtype:trojan-activity;sid:84080057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216950/; classtype:trojan-activity;sid:84080050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.107.78.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216952/; classtype:trojan-activity;sid:84080052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.166.220.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216954/; classtype:trojan-activity;sid:84080054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.248.145.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216923/; classtype:trojan-activity;sid:84080023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216924/; classtype:trojan-activity;sid:84080024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216927/; classtype:trojan-activity;sid:84080027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.26.114.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216928/; classtype:trojan-activity;sid:84080028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216933/; classtype:trojan-activity;sid:84080033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216934/; classtype:trojan-activity;sid:84080034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.207.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216935/; classtype:trojan-activity;sid:84080035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216936/; classtype:trojan-activity;sid:84080036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216937/; classtype:trojan-activity;sid:84080037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.57.135.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216939/; classtype:trojan-activity;sid:84080039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216941/; classtype:trojan-activity;sid:84080041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.252.114.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216942/; classtype:trojan-activity;sid:84080042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216943/; classtype:trojan-activity;sid:84080043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216945/; classtype:trojan-activity;sid:84080045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.153.20.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216947/; classtype:trojan-activity;sid:84080047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"206.214.35.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216917/; classtype:trojan-activity;sid:84080017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216918/; classtype:trojan-activity;sid:84080018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.98.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216919/; classtype:trojan-activity;sid:84080019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.107.239.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216920/; classtype:trojan-activity;sid:84080020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216921/; classtype:trojan-activity;sid:84080021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216889/; classtype:trojan-activity;sid:84079989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.196.120.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216890/; classtype:trojan-activity;sid:84079990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216891/; classtype:trojan-activity;sid:84079991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216893/; classtype:trojan-activity;sid:84079993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216894/; classtype:trojan-activity;sid:84079994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.218.42.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216897/; classtype:trojan-activity;sid:84079997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216899/; classtype:trojan-activity;sid:84079999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.94.219.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216900/; classtype:trojan-activity;sid:84080000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.216.164.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216903/; classtype:trojan-activity;sid:84080003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216906/; classtype:trojan-activity;sid:84080006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.23.192.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216909/; classtype:trojan-activity;sid:84080009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216911/; classtype:trojan-activity;sid:84080011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.251.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216880/; classtype:trojan-activity;sid:84079980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.117.197.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216881/; classtype:trojan-activity;sid:84079981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216883/; classtype:trojan-activity;sid:84079983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216886/; classtype:trojan-activity;sid:84079986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.236.126.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216888/; classtype:trojan-activity;sid:84079988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.159.8.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216872/; classtype:trojan-activity;sid:84079972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.204.177.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216850/; classtype:trojan-activity;sid:84079950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.246.106.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216853/; classtype:trojan-activity;sid:84079953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216854/; classtype:trojan-activity;sid:84079954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216855/; classtype:trojan-activity;sid:84079955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.184.179.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216856/; classtype:trojan-activity;sid:84079956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.59.103.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216859/; classtype:trojan-activity;sid:84079959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216860/; classtype:trojan-activity;sid:84079960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.15.85.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216862/; classtype:trojan-activity;sid:84079962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.200.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216863/; classtype:trojan-activity;sid:84079963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216867/; classtype:trojan-activity;sid:84079967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.165.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216841/; classtype:trojan-activity;sid:84079941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216843/; classtype:trojan-activity;sid:84079943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216845/; classtype:trojan-activity;sid:84079945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216846/; classtype:trojan-activity;sid:84079946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.158.175.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216849/; classtype:trojan-activity;sid:84079949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.196.120.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216837/; classtype:trojan-activity;sid:84079937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.254.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216830/; classtype:trojan-activity;sid:84079930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.16.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216808/; classtype:trojan-activity;sid:84079908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.147.225.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216809/; classtype:trojan-activity;sid:84079909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.120.98.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216810/; classtype:trojan-activity;sid:84079910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.74.207.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216812/; classtype:trojan-activity;sid:84079912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216813/; classtype:trojan-activity;sid:84079913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.222.45.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216817/; classtype:trojan-activity;sid:84079917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.118.104.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216818/; classtype:trojan-activity;sid:84079918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216819/; classtype:trojan-activity;sid:84079919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.143.114.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216820/; classtype:trojan-activity;sid:84079920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216822/; classtype:trojan-activity;sid:84079922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.179.203.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216823/; classtype:trojan-activity;sid:84079923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.166.89.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216827/; classtype:trojan-activity;sid:84079927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216828/; classtype:trojan-activity;sid:84079928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216803/; classtype:trojan-activity;sid:84079903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216804/; classtype:trojan-activity;sid:84079904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216800/; classtype:trojan-activity;sid:84079900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216794/; classtype:trojan-activity;sid:84079894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.194.25.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216795/; classtype:trojan-activity;sid:84079895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216796/; classtype:trojan-activity;sid:84079896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.97.185.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216776/; classtype:trojan-activity;sid:84079876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.247.206.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216779/; classtype:trojan-activity;sid:84079879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.97.137.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216784/; classtype:trojan-activity;sid:84079884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.69.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216785/; classtype:trojan-activity;sid:84079885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216769/; classtype:trojan-activity;sid:84079869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.97.185.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216770/; classtype:trojan-activity;sid:84079870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216772/; classtype:trojan-activity;sid:84079872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216773/; classtype:trojan-activity;sid:84079873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216775/; classtype:trojan-activity;sid:84079875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.209.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216761/; classtype:trojan-activity;sid:84079861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216763/; classtype:trojan-activity;sid:84079863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.74.29.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216764/; classtype:trojan-activity;sid:84079864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.203.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216751/; classtype:trojan-activity;sid:84079851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216747/; classtype:trojan-activity;sid:84079847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216750/; classtype:trojan-activity;sid:84079850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216730/; classtype:trojan-activity;sid:84079830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.224.243.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216731/; classtype:trojan-activity;sid:84079831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216732/; classtype:trojan-activity;sid:84079832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216733/; classtype:trojan-activity;sid:84079833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216735/; classtype:trojan-activity;sid:84079835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.187.118.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216736/; classtype:trojan-activity;sid:84079836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.147.127.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216737/; classtype:trojan-activity;sid:84079837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216739/; classtype:trojan-activity;sid:84079839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216740/; classtype:trojan-activity;sid:84079840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216742/; classtype:trojan-activity;sid:84079842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.217.148.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216743/; classtype:trojan-activity;sid:84079843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.29.19.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216744/; classtype:trojan-activity;sid:84079844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.57.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216722/; classtype:trojan-activity;sid:84079822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.190.76.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216723/; classtype:trojan-activity;sid:84079823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216724/; classtype:trojan-activity;sid:84079824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.81.156.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216726/; classtype:trojan-activity;sid:84079826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.4.70.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216727/; classtype:trojan-activity;sid:84079827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.30.234.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216717/; classtype:trojan-activity;sid:84079817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216715/; classtype:trojan-activity;sid:84079815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.138.68.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216713/; classtype:trojan-activity;sid:84079813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.211.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216710/; classtype:trojan-activity;sid:84079810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.135.26.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216704/; classtype:trojan-activity;sid:84079804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.0.136.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216707/; classtype:trojan-activity;sid:84079807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216709/; classtype:trojan-activity;sid:84079809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.97.185.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216683/; classtype:trojan-activity;sid:84079783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.147.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216684/; classtype:trojan-activity;sid:84079784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216685/; classtype:trojan-activity;sid:84079785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216688/; classtype:trojan-activity;sid:84079788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216690/; classtype:trojan-activity;sid:84079790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216696/; classtype:trojan-activity;sid:84079796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216700/; classtype:trojan-activity;sid:84079800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.169.146.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216702/; classtype:trojan-activity;sid:84079802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.36.25.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216675/; classtype:trojan-activity;sid:84079775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.100.63.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216676/; classtype:trojan-activity;sid:84079776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.214.56.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216672/; classtype:trojan-activity;sid:84079772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.232.94.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216671/; classtype:trojan-activity;sid:84079771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216670/; classtype:trojan-activity;sid:84079770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.82.211.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216648/; classtype:trojan-activity;sid:84079748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216650/; classtype:trojan-activity;sid:84079750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216651/; classtype:trojan-activity;sid:84079751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216652/; classtype:trojan-activity;sid:84079752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.150.253.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216656/; classtype:trojan-activity;sid:84079756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216658/; classtype:trojan-activity;sid:84079758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.12.255.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216659/; classtype:trojan-activity;sid:84079759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.100.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216663/; classtype:trojan-activity;sid:84079763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216664/; classtype:trojan-activity;sid:84079764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.140.176.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216665/; classtype:trojan-activity;sid:84079765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.223.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216666/; classtype:trojan-activity;sid:84079766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216641/; classtype:trojan-activity;sid:84079741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.67.115.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216642/; classtype:trojan-activity;sid:84079742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.190.109.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216644/; classtype:trojan-activity;sid:84079744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216646/; classtype:trojan-activity;sid:84079746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.226.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216647/; classtype:trojan-activity;sid:84079747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.147.93.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216637/; classtype:trojan-activity;sid:84079737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"147.91.249.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216636/; classtype:trojan-activity;sid:84079736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216633/; classtype:trojan-activity;sid:84079733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216626/; classtype:trojan-activity;sid:84079726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216627/; classtype:trojan-activity;sid:84079727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216629/; classtype:trojan-activity;sid:84079729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216630/; classtype:trojan-activity;sid:84079730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216606/; classtype:trojan-activity;sid:84079706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216607/; classtype:trojan-activity;sid:84079707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.218.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216608/; classtype:trojan-activity;sid:84079708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.7.42.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216609/; classtype:trojan-activity;sid:84079709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216610/; classtype:trojan-activity;sid:84079710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.188.254.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216611/; classtype:trojan-activity;sid:84079711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.116.61.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216612/; classtype:trojan-activity;sid:84079712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.200.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216613/; classtype:trojan-activity;sid:84079713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.153.22.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216614/; classtype:trojan-activity;sid:84079714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.100.49.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216616/; classtype:trojan-activity;sid:84079716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.233.158.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216617/; classtype:trojan-activity;sid:84079717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.95.14.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216619/; classtype:trojan-activity;sid:84079719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.15.254.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216621/; classtype:trojan-activity;sid:84079721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.105.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216622/; classtype:trojan-activity;sid:84079722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216624/; classtype:trojan-activity;sid:84079724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216599/; classtype:trojan-activity;sid:84079699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.18.223.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216602/; classtype:trojan-activity;sid:84079702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.186.54.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216603/; classtype:trojan-activity;sid:84079703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.20.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216604/; classtype:trojan-activity;sid:84079704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216598/; classtype:trojan-activity;sid:84079698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216594/; classtype:trojan-activity;sid:84079694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.137.36.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216591/; classtype:trojan-activity;sid:84079691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.248.56.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216572/; classtype:trojan-activity;sid:84079672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.189.125.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216574/; classtype:trojan-activity;sid:84079674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.129.2.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216576/; classtype:trojan-activity;sid:84079676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.247.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216577/; classtype:trojan-activity;sid:84079677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.76.195.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216578/; classtype:trojan-activity;sid:84079678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216581/; classtype:trojan-activity;sid:84079681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216582/; classtype:trojan-activity;sid:84079682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216583/; classtype:trojan-activity;sid:84079683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.91.236.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216584/; classtype:trojan-activity;sid:84079684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.200.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216588/; classtype:trojan-activity;sid:84079688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216553/; classtype:trojan-activity;sid:84079653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216555/; classtype:trojan-activity;sid:84079655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.112.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216556/; classtype:trojan-activity;sid:84079656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216557/; classtype:trojan-activity;sid:84079657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216559/; classtype:trojan-activity;sid:84079659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.9.34.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216560/; classtype:trojan-activity;sid:84079660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.148.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216561/; classtype:trojan-activity;sid:84079661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.221.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216564/; classtype:trojan-activity;sid:84079664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.200.63.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216567/; classtype:trojan-activity;sid:84079667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.251.68.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216568/; classtype:trojan-activity;sid:84079668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216569/; classtype:trojan-activity;sid:84079669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.183.98.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216551/; classtype:trojan-activity;sid:84079651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.161.217.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216550/; classtype:trojan-activity;sid:84079650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216537/; classtype:trojan-activity;sid:84079637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.151.163.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216538/; classtype:trojan-activity;sid:84079638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.224.100.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216545/; classtype:trojan-activity;sid:84079645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216511/; classtype:trojan-activity;sid:84079611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.143.124.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216512/; classtype:trojan-activity;sid:84079612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.247.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216513/; classtype:trojan-activity;sid:84079613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.62.233.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216517/; classtype:trojan-activity;sid:84079617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.147.132.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216518/; classtype:trojan-activity;sid:84079618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216519/; classtype:trojan-activity;sid:84079619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.160.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216522/; classtype:trojan-activity;sid:84079622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.150.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216527/; classtype:trojan-activity;sid:84079627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216529/; classtype:trojan-activity;sid:84079629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216532/; classtype:trojan-activity;sid:84079632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.61.103.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216534/; classtype:trojan-activity;sid:84079634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.63.242.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216535/; classtype:trojan-activity;sid:84079635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216536/; classtype:trojan-activity;sid:84079636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216510/; classtype:trojan-activity;sid:84079610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216507/; classtype:trojan-activity;sid:84079607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.80.244.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216480/; classtype:trojan-activity;sid:84079580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.70.95.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216483/; classtype:trojan-activity;sid:84079583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216484/; classtype:trojan-activity;sid:84079584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.181.166.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216488/; classtype:trojan-activity;sid:84079588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.11.216.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216489/; classtype:trojan-activity;sid:84079589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.26.81.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216491/; classtype:trojan-activity;sid:84079591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.191.123.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216492/; classtype:trojan-activity;sid:84079592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.202.220.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216495/; classtype:trojan-activity;sid:84079595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216496/; classtype:trojan-activity;sid:84079596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216497/; classtype:trojan-activity;sid:84079597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.108.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216498/; classtype:trojan-activity;sid:84079598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.101.191.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216500/; classtype:trojan-activity;sid:84079600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216501/; classtype:trojan-activity;sid:84079601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216502/; classtype:trojan-activity;sid:84079602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.223.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216470/; classtype:trojan-activity;sid:84079570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216471/; classtype:trojan-activity;sid:84079571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.124.61.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216475/; classtype:trojan-activity;sid:84079575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.133.214.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216478/; classtype:trojan-activity;sid:84079578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216479/; classtype:trojan-activity;sid:84079579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.69.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216468/; classtype:trojan-activity;sid:84079568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216464/; classtype:trojan-activity;sid:84079564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216463/; classtype:trojan-activity;sid:84079563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216457)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"223.247.198.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216457/; classtype:trojan-activity;sid:84079557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216456)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216456/; classtype:trojan-activity;sid:84079556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216448)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.152.32.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216448/; classtype:trojan-activity;sid:84079548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216440)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.215.27.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216440/; classtype:trojan-activity;sid:84079540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216437)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216437/; classtype:trojan-activity;sid:84079537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216435)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216435/; classtype:trojan-activity;sid:84079535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216430)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.191.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216430/; classtype:trojan-activity;sid:84079530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.211.15.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216425/; classtype:trojan-activity;sid:84079525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216421)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.92.214.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216421/; classtype:trojan-activity;sid:84079521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216420)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"165.220.157.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216420/; classtype:trojan-activity;sid:84079520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216418)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.249.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216418/; classtype:trojan-activity;sid:84079518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.121.161.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216419/; classtype:trojan-activity;sid:84079519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.98.186.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216413/; classtype:trojan-activity;sid:84079513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216406)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.232.126.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216406/; classtype:trojan-activity;sid:84079506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216404)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.158.25.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216404/; classtype:trojan-activity;sid:84079504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216403)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"223.247.198.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216403/; classtype:trojan-activity;sid:84079503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216396)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216396/; classtype:trojan-activity;sid:84079496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216393)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.219.177.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216393/; classtype:trojan-activity;sid:84079493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216389)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.214.180.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216389/; classtype:trojan-activity;sid:84079489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216384)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.12.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216384/; classtype:trojan-activity;sid:84079484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216382)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216382/; classtype:trojan-activity;sid:84079482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216380)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.220.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216380/; classtype:trojan-activity;sid:84079480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216377)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.110.15.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216377/; classtype:trojan-activity;sid:84079477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216376)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.169.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216376/; classtype:trojan-activity;sid:84079476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216372)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216372/; classtype:trojan-activity;sid:84079472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216365)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216365/; classtype:trojan-activity;sid:84079465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216353)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.117.136.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216353/; classtype:trojan-activity;sid:84079453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216349)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.225.217.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216349/; classtype:trojan-activity;sid:84079449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216334)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.13.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216334/; classtype:trojan-activity;sid:84079434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216329/; classtype:trojan-activity;sid:84079429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216327)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.240.97.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216327/; classtype:trojan-activity;sid:84079427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216326)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.156.110.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216326/; classtype:trojan-activity;sid:84079426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216323)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.228.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216323/; classtype:trojan-activity;sid:84079423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216322/; classtype:trojan-activity;sid:84079422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216321)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216321/; classtype:trojan-activity;sid:84079421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216318)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216318/; classtype:trojan-activity;sid:84079418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216314)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216314/; classtype:trojan-activity;sid:84079414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216306)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216306/; classtype:trojan-activity;sid:84079406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216302/; classtype:trojan-activity;sid:84079402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216301/; classtype:trojan-activity;sid:84079401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.70.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215858/; classtype:trojan-activity;sid:84078958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.206.226.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215856/; classtype:trojan-activity;sid:84078956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.236.126.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215857/; classtype:trojan-activity;sid:84078957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.4.70.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215846/; classtype:trojan-activity;sid:84078946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215838/; classtype:trojan-activity;sid:84078938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"156.155.176.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215839/; classtype:trojan-activity;sid:84078939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.124.61.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215842/; classtype:trojan-activity;sid:84078942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.252.8.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215843/; classtype:trojan-activity;sid:84078943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215834/; classtype:trojan-activity;sid:84078934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.202.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215835/; classtype:trojan-activity;sid:84078935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.74.207.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215832/; classtype:trojan-activity;sid:84078932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.26.114.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215821/; classtype:trojan-activity;sid:84078921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.185.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215822/; classtype:trojan-activity;sid:84078922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215823/; classtype:trojan-activity;sid:84078923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.160.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215829/; classtype:trojan-activity;sid:84078929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215830/; classtype:trojan-activity;sid:84078930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.57.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215816/; classtype:trojan-activity;sid:84078916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.36.25.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215817/; classtype:trojan-activity;sid:84078917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215811/; classtype:trojan-activity;sid:84078911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215800/; classtype:trojan-activity;sid:84078900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.233.158.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215805/; classtype:trojan-activity;sid:84078905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.216.164.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215807/; classtype:trojan-activity;sid:84078907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.95.14.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215809/; classtype:trojan-activity;sid:84078909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.74.29.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215777/; classtype:trojan-activity;sid:84078877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.151.108.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215780/; classtype:trojan-activity;sid:84078880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.56.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215781/; classtype:trojan-activity;sid:84078881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.7.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215787/; classtype:trojan-activity;sid:84078887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215788/; classtype:trojan-activity;sid:84078888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.246.106.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215790/; classtype:trojan-activity;sid:84078890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.11.216.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215791/; classtype:trojan-activity;sid:84078891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.179.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215792/; classtype:trojan-activity;sid:84078892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.112.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215793/; classtype:trojan-activity;sid:84078893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.70.238.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215794/; classtype:trojan-activity;sid:84078894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.221.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215795/; classtype:trojan-activity;sid:84078895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215776/; classtype:trojan-activity;sid:84078876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215772/; classtype:trojan-activity;sid:84078872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.172.187.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215485/; classtype:trojan-activity;sid:84078585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.16.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215484/; classtype:trojan-activity;sid:84078584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.203.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215481/; classtype:trojan-activity;sid:84078581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.203.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215482/; classtype:trojan-activity;sid:84078582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.26.81.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215483/; classtype:trojan-activity;sid:84078583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215478/; classtype:trojan-activity;sid:84078578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.103.100.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215471/; classtype:trojan-activity;sid:84078571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.153.80.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215472/; classtype:trojan-activity;sid:84078572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.155.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215473/; classtype:trojan-activity;sid:84078573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215474/; classtype:trojan-activity;sid:84078574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.255.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215475/; classtype:trojan-activity;sid:84078575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.135.26.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215476/; classtype:trojan-activity;sid:84078576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215468/; classtype:trojan-activity;sid:84078568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215469/; classtype:trojan-activity;sid:84078569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.185.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215462/; classtype:trojan-activity;sid:84078562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.98.186.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215464/; classtype:trojan-activity;sid:84078564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215465/; classtype:trojan-activity;sid:84078565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.185.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215451/; classtype:trojan-activity;sid:84078551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.107.239.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215453/; classtype:trojan-activity;sid:84078553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215455/; classtype:trojan-activity;sid:84078555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.59.103.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215458/; classtype:trojan-activity;sid:84078558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.9.34.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215447/; classtype:trojan-activity;sid:84078547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.223.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215449/; classtype:trojan-activity;sid:84078549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.218.42.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215442/; classtype:trojan-activity;sid:84078542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.91.236.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215434/; classtype:trojan-activity;sid:84078534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.219.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215435/; classtype:trojan-activity;sid:84078535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.116.61.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215436/; classtype:trojan-activity;sid:84078536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.75.32.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215437/; classtype:trojan-activity;sid:84078537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215440/; classtype:trojan-activity;sid:84078540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.15.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215424/; classtype:trojan-activity;sid:84078524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.82.211.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215425/; classtype:trojan-activity;sid:84078525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.200.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215426/; classtype:trojan-activity;sid:84078526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.147.127.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215427/; classtype:trojan-activity;sid:84078527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215421/; classtype:trojan-activity;sid:84078521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"206.214.35.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215422/; classtype:trojan-activity;sid:84078522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215420/; classtype:trojan-activity;sid:84078520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.235.33.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215416/; classtype:trojan-activity;sid:84078516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.252.114.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215418/; classtype:trojan-activity;sid:84078518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.209.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215409/; classtype:trojan-activity;sid:84078509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.120.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215410/; classtype:trojan-activity;sid:84078510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.185.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215414/; classtype:trojan-activity;sid:84078514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.114.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215403/; classtype:trojan-activity;sid:84078503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.223.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215404/; classtype:trojan-activity;sid:84078504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215401/; classtype:trojan-activity;sid:84078501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.166.89.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215390/; classtype:trojan-activity;sid:84078490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.203.89.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215392/; classtype:trojan-activity;sid:84078492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215399/; classtype:trojan-activity;sid:84078499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.251.68.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215384/; classtype:trojan-activity;sid:84078484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.61.103.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215388/; classtype:trojan-activity;sid:84078488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215382/; classtype:trojan-activity;sid:84078482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.251.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215383/; classtype:trojan-activity;sid:84078483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.232.94.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215376/; classtype:trojan-activity;sid:84078476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.85.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215377/; classtype:trojan-activity;sid:84078477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.97.137.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215379/; classtype:trojan-activity;sid:84078479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.23.192.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215366/; classtype:trojan-activity;sid:84078466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.160.128.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215369/; classtype:trojan-activity;sid:84078469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.238.209.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215371/; classtype:trojan-activity;sid:84078471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215358/; classtype:trojan-activity;sid:84078458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.132.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215362/; classtype:trojan-activity;sid:84078462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.254.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215365/; classtype:trojan-activity;sid:84078465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.211.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215356/; classtype:trojan-activity;sid:84078456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215357/; classtype:trojan-activity;sid:84078457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214605)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.245.12.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214605/; classtype:trojan-activity;sid:84077705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214575)"; flow:established,from_client; content:"GET"; http_method; content:"/aa.bin"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.245.12.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214575/; classtype:trojan-activity;sid:84077675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214160)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.254.74.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214160/; classtype:trojan-activity;sid:84077260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214137)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.252.182.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214137/; classtype:trojan-activity;sid:84077237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214136)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.97.105.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214136/; classtype:trojan-activity;sid:84077236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214106)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.250.188.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214106/; classtype:trojan-activity;sid:84077206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214099)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.15.224.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214099/; classtype:trojan-activity;sid:84077199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3214078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.214.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3214078/; classtype:trojan-activity;sid:84077178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213897)"; flow:established,from_client; content:"GET"; http_method; content:"/matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213897/; classtype:trojan-activity;sid:84076997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.247.214.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213563/; classtype:trojan-activity;sid:84076663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.214.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213507/; classtype:trojan-activity;sid:84076607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208612)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ewpeloxttug.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208612/; classtype:trojan-activity;sid:84071712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208614)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rstxdhuj.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208614/; classtype:trojan-activity;sid:84071714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208610)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/newbundle2.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208610/; classtype:trojan-activity;sid:84071710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208611)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummetc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208611/; classtype:trojan-activity;sid:84071711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208605)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lgendpremium.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208605/; classtype:trojan-activity;sid:84071705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208603)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/deliciouspart.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208603/; classtype:trojan-activity;sid:84071703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208604)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pkcontent.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208604/; classtype:trojan-activity;sid:84071704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3208315)"; flow:established,from_client; content:"GET"; http_method; content:"/download/3d%20builder_12_1201419.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"znrq.zifwxq.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3208315/; classtype:trojan-activity;sid:84071415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3207955)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.14.126.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3207955/; classtype:trojan-activity;sid:84071055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206293)"; flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/2pac.php"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206293/; classtype:trojan-activity;sid:84069393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204753/; classtype:trojan-activity;sid:84067853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204733/; classtype:trojan-activity;sid:84067833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204531)"; flow:established,from_client; content:"GET"; http_method; content:"/for_down/2013/new/dlls/rse/rsreport.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"download.suxiazai.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204531/; classtype:trojan-activity;sid:84067631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3200548)"; flow:established,from_client; content:"GET"; http_method; content:"/slinky/slinkycrack.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"crystalpvp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_29; reference:url, urlhaus.abuse.ch/url/3200548/; classtype:trojan-activity;sid:84063648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198896)"; flow:established,from_client; content:"GET"; http_method; content:"/itplan.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198896/; classtype:trojan-activity;sid:84061996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198884)"; flow:established,from_client; content:"GET"; http_method; content:"/itplan.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198884/; classtype:trojan-activity;sid:84061984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198881)"; flow:established,from_client; content:"GET"; http_method; content:"/it_plan_cifs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198881/; classtype:trojan-activity;sid:84061981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198873)"; flow:established,from_client; content:"GET"; http_method; content:"/it_plan_cifs.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198873/; classtype:trojan-activity;sid:84061973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198849)"; flow:established,from_client; content:"GET"; http_method; content:"/tstory.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198849/; classtype:trojan-activity;sid:84061949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198764)"; flow:established,from_client; content:"GET"; http_method; content:"/host.out"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.50.0.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198764/; classtype:trojan-activity;sid:84061864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198759)"; flow:established,from_client; content:"GET"; http_method; content:"/psexec64.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198759/; classtype:trojan-activity;sid:84061859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198753)"; flow:established,from_client; content:"GET"; http_method; content:"/pinginfoview.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198753/; classtype:trojan-activity;sid:84061853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198713)"; flow:established,from_client; content:"GET"; http_method; content:"/tstory.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198713/; classtype:trojan-activity;sid:84061813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198703)"; flow:established,from_client; content:"GET"; http_method; content:"/naver.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"storage.soowim.co.kr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198703/; classtype:trojan-activity;sid:84061803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198696)"; flow:established,from_client; content:"GET"; http_method; content:"/cen22.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.100.33.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198696/; classtype:trojan-activity;sid:84061796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195887)"; flow:established,from_client; content:"GET"; http_method; content:"/dllgiris.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"212.98.231.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195887/; classtype:trojan-activity;sid:84058987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195883)"; flow:established,from_client; content:"GET"; http_method; content:"/scanport.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195883/; classtype:trojan-activity;sid:84058983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195851)"; flow:established,from_client; content:"GET"; http_method; content:"/hid.dll"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"112.124.28.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195851/; classtype:trojan-activity;sid:84058951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195849)"; flow:established,from_client; content:"GET"; http_method; content:"/nc.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.124.28.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195849/; classtype:trojan-activity;sid:84058949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195847)"; flow:established,from_client; content:"GET"; http_method; content:"/abc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"39.105.31.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195847/; classtype:trojan-activity;sid:84058947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195831)"; flow:established,from_client; content:"GET"; http_method; content:"/winbox/winbox.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.123.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195831/; classtype:trojan-activity;sid:84058931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195832)"; flow:established,from_client; content:"GET"; http_method; content:"/winbox/winbox.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.123.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195832/; classtype:trojan-activity;sid:84058932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195759)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195759/; classtype:trojan-activity;sid:84058859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195736)"; flow:established,from_client; content:"GET"; http_method; content:"/fx8"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"123.57.250.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195736/; classtype:trojan-activity;sid:84058836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195292)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%b8%85%e7%90%86%e5%9e%83%e5%9c%be.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"39.103.217.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195292/; classtype:trojan-activity;sid:84058392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195257)"; flow:established,from_client; content:"GET"; http_method; content:"/fiddlersetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.123.237.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195257/; classtype:trojan-activity;sid:84058357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195255)"; flow:established,from_client; content:"GET"; http_method; content:"/exsync.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"58.137.135.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195255/; classtype:trojan-activity;sid:84058355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195166)"; flow:established,from_client; content:"GET"; http_method; content:"/aact.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"218.22.21.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195166/; classtype:trojan-activity;sid:84058266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195157)"; flow:established,from_client; content:"GET"; http_method; content:"/chromesetup.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195157/; classtype:trojan-activity;sid:84058257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193861)"; flow:established,from_client; content:"GET"; http_method; content:"/massgravel/microsoft-activation-scripts/b1b5299c4725d97349b18b59061647198f7cc59b/mas/all-in-one-version-kl/mas_aio.cmd"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193861/; classtype:trojan-activity;sid:84056961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192740)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192740/; classtype:trojan-activity;sid:84055840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192738)"; flow:established,from_client; content:"GET"; http_method; content:"/sq1mon-v.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192738/; classtype:trojan-activity;sid:84055838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192737)"; flow:established,from_client; content:"GET"; http_method; content:"/library.so"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192737/; classtype:trojan-activity;sid:84055837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192735)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192735/; classtype:trojan-activity;sid:84055835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192736)"; flow:established,from_client; content:"GET"; http_method; content:"/data.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192736/; classtype:trojan-activity;sid:84055836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192734)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192734/; classtype:trojan-activity;sid:84055834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192733)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_lagacy.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192733/; classtype:trojan-activity;sid:84055833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192732)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192732/; classtype:trojan-activity;sid:84055832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192730)"; flow:established,from_client; content:"GET"; http_method; content:"/cabbage.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"203.204.217.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192730/; classtype:trojan-activity;sid:84055830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192568)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz_trunk/win32/mimikatz.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"120.25.163.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192568/; classtype:trojan-activity;sid:84055668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190997)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190997/; classtype:trojan-activity;sid:84054097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190937)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.44.116.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190937/; classtype:trojan-activity;sid:84054037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190775)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190775/; classtype:trojan-activity;sid:84053875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190704)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190704/; classtype:trojan-activity;sid:84053804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190662)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader1.1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190662/; classtype:trojan-activity;sid:84053762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190640)"; flow:established,from_client; content:"GET"; http_method; content:"/sysloader.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8.138.81.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190640/; classtype:trojan-activity;sid:84053740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190579)"; flow:established,from_client; content:"GET"; http_method; content:"/nn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"23.95.79.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190579/; classtype:trojan-activity;sid:84053679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190578)"; flow:established,from_client; content:"GET"; http_method; content:"/cnrig"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.95.79.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190578/; classtype:trojan-activity;sid:84053678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190347)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190347/; classtype:trojan-activity;sid:84053447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190343)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190343/; classtype:trojan-activity;sid:84053443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190344)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"110.239.6.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190344/; classtype:trojan-activity;sid:84053444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190338)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190338/; classtype:trojan-activity;sid:84053438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190327)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190327/; classtype:trojan-activity;sid:84053427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190331)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190331/; classtype:trojan-activity;sid:84053431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190332)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190332/; classtype:trojan-activity;sid:84053432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190333)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"110.239.6.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190333/; classtype:trojan-activity;sid:84053433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190335)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190335/; classtype:trojan-activity;sid:84053435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190336)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190336/; classtype:trojan-activity;sid:84053436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190325)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.63.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190325/; classtype:trojan-activity;sid:84053425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190320)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190320/; classtype:trojan-activity;sid:84053420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190321)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190321/; classtype:trojan-activity;sid:84053421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190322)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190322/; classtype:trojan-activity;sid:84053422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190323/; classtype:trojan-activity;sid:84053423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190316)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190316/; classtype:trojan-activity;sid:84053416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190317)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190317/; classtype:trojan-activity;sid:84053417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190318)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190318/; classtype:trojan-activity;sid:84053418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190319)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190319/; classtype:trojan-activity;sid:84053419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189365)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/installeraus.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189365/; classtype:trojan-activity;sid:84052465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189225)"; flow:established,from_client; content:"GET"; http_method; content:"/unknwon1352/qawfdasfaw/main/software.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189225/; classtype:trojan-activity;sid:84052325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188620)"; flow:established,from_client; content:"GET"; http_method; content:"/repository/aa_v3.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"83.149.17.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3188620/; classtype:trojan-activity;sid:84051720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188034)"; flow:established,from_client; content:"GET"; http_method; content:"/blueskyxn/changesource/master/besttrace"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3188034/; classtype:trojan-activity;sid:84051134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187580)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/blackload.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187580/; classtype:trojan-activity;sid:84050680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187576)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/unison.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187576/; classtype:trojan-activity;sid:84050676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187577)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winrarinstall.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187577/; classtype:trojan-activity;sid:84050677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187575)"; flow:established,from_client; content:"GET"; http_method; content:"/7z.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"down.mvip8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187575/; classtype:trojan-activity;sid:84050675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187570)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ufw.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187570/; classtype:trojan-activity;sid:84050670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186577)"; flow:established,from_client; content:"GET"; http_method; content:"/kmsauto%20net%202016%20v1.5.0%20portable.rar"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"212.39.67.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186577/; classtype:trojan-activity;sid:84049677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186441)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.6.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186441/; classtype:trojan-activity;sid:84049541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186440)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.iso"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186440/; classtype:trojan-activity;sid:84049540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186439)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.4.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186439/; classtype:trojan-activity;sid:84049539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186434)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_win_tool_v9.6.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186434/; classtype:trojan-activity;sid:84049534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186433)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_win_tool_v9.6.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186433/; classtype:trojan-activity;sid:84049533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186432)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.iso"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186432/; classtype:trojan-activity;sid:84049532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186431)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186431/; classtype:trojan-activity;sid:84049531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186426)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_windowsport.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186426/; classtype:trojan-activity;sid:84049526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186427)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.6.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.243.129.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186427/; classtype:trojan-activity;sid:84049527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186428)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_windowsport.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186428/; classtype:trojan-activity;sid:84049528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3185853)"; flow:established,from_client; content:"GET"; http_method; content:"/mysqld.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.238.84.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3185853/; classtype:trojan-activity;sid:84048953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184776)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/config.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"103.110.33.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184776/; classtype:trojan-activity;sid:84047876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184769)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/hostfile/autoupdate.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"103.110.33.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184769/; classtype:trojan-activity;sid:84047869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184301)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/needmoney.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184301/; classtype:trojan-activity;sid:84047401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184299)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/firefox.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184299/; classtype:trojan-activity;sid:84047399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184293)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/microsoft.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184293/; classtype:trojan-activity;sid:84047393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3184284)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac222222.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_21; reference:url, urlhaus.abuse.ch/url/3184284/; classtype:trojan-activity;sid:84047384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182627)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.i586"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182627/; classtype:trojan-activity;sid:84045727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182626)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv7l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182626/; classtype:trojan-activity;sid:84045726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182622)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.mipsel"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182622/; classtype:trojan-activity;sid:84045722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182623)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv5l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182623/; classtype:trojan-activity;sid:84045723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182624)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv6l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182624/; classtype:trojan-activity;sid:84045724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182620)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182620/; classtype:trojan-activity;sid:84045720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3176961)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/amadeus.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_16; reference:url, urlhaus.abuse.ch/url/3176961/; classtype:trojan-activity;sid:84040061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3176887)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clip.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_16; reference:url, urlhaus.abuse.ch/url/3176887/; classtype:trojan-activity;sid:84039987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175721)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175721/; classtype:trojan-activity;sid:84038821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175712)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175712/; classtype:trojan-activity;sid:84038812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175448)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175448/; classtype:trojan-activity;sid:84038548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175437)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175437/; classtype:trojan-activity;sid:84038537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175403)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175403/; classtype:trojan-activity;sid:84038503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175280)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.131.3.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175280/; classtype:trojan-activity;sid:84038380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175149)"; flow:established,from_client; content:"GET"; http_method; content:"/load.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.138.81.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175149/; classtype:trojan-activity;sid:84038249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175134)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"122.51.183.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175134/; classtype:trojan-activity;sid:84038234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175124)"; flow:established,from_client; content:"GET"; http_method; content:"/build.config"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"8.138.81.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175124/; classtype:trojan-activity;sid:84038224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3175127)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"8.138.81.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3175127/; classtype:trojan-activity;sid:84038227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174586)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bitcoincore.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174586/; classtype:trojan-activity;sid:84037686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174584)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/8.11.9-windows.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174584/; classtype:trojan-activity;sid:84037684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174582)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/s%d0%b5tup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174582/; classtype:trojan-activity;sid:84037682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174581)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/broadcom5.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174581/; classtype:trojan-activity;sid:84037681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174580)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyld64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174580/; classtype:trojan-activity;sid:84037680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174579)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/client_protected.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174579/; classtype:trojan-activity;sid:84037679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174578)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/freedom.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174578/; classtype:trojan-activity;sid:84037678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174576)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rms1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174576/; classtype:trojan-activity;sid:84037676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174574)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pichon.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174574/; classtype:trojan-activity;sid:84037674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174575)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gift-info.lmg.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174575/; classtype:trojan-activity;sid:84037675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174573)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cclent.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174573/; classtype:trojan-activity;sid:84037673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174572)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyl64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174572/; classtype:trojan-activity;sid:84037672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174570)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/bandwidth_monitor.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174570/; classtype:trojan-activity;sid:84037670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174569)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/whiteheroin.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174569/; classtype:trojan-activity;sid:84037669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174568)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/hvnc1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174568/; classtype:trojan-activity;sid:84037668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174566)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ghost_0x000263826b9a9b91.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174566/; classtype:trojan-activity;sid:84037666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174567)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/morphic.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174567/; classtype:trojan-activity;sid:84037667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174564)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cnyvvl.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174564/; classtype:trojan-activity;sid:84037664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174565)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xclient_protected.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174565/; classtype:trojan-activity;sid:84037665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174560)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/resex.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174560/; classtype:trojan-activity;sid:84037660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174561)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5knchalah.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174561/; classtype:trojan-activity;sid:84037661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174556)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5_6253708004881862888.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174556/; classtype:trojan-activity;sid:84037656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174523)"; flow:established,from_client; content:"GET"; http_method; content:"/scribblercoder/browserthief/main/browserthief.ps1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174523/; classtype:trojan-activity;sid:84037623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174501)"; flow:established,from_client; content:"GET"; http_method; content:"/dobre/splwow64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174501/; classtype:trojan-activity;sid:84037601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174498)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/penis.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174498/; classtype:trojan-activity;sid:84037598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174493)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vlst.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174493/; classtype:trojan-activity;sid:84037593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174406)"; flow:established,from_client; content:"GET"; http_method; content:"/winring0x64.sys"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.173.254.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174406/; classtype:trojan-activity;sid:84037506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174340)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.tecunonline.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174340/; classtype:trojan-activity;sid:84037440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174264)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174264/; classtype:trojan-activity;sid:84037364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3173868)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3173868/; classtype:trojan-activity;sid:84036968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172268)"; flow:established,from_client; content:"GET"; http_method; content:"/taskmgr.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.173.254.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172268/; classtype:trojan-activity;sid:84035368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172240)"; flow:established,from_client; content:"GET"; http_method; content:"/techsavvysenior/referralreactjs/archive/refs/heads/main.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172240/; classtype:trojan-activity;sid:84035340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3171183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.16.102.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3171183/; classtype:trojan-activity;sid:84034283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3170362)"; flow:established,from_client; content:"GET"; http_method; content:"/386.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"112.33.27.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_13; reference:url, urlhaus.abuse.ch/url/3170362/; classtype:trojan-activity;sid:84033462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169080)"; flow:established,from_client; content:"GET"; http_method; content:"/tenants/135790374f46b0107c516a5f5e13069b/5e5f800fdf87209fdf8f9b61441e53a1/linux/x64/stable/install.sh"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"download.cudo.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_09_12; reference:url, urlhaus.abuse.ch/url/3169080/; classtype:trojan-activity;sid:84032180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3164933)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.23.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3164933/; classtype:trojan-activity;sid:84028033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3164816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_10; reference:url, urlhaus.abuse.ch/url/3164816/; classtype:trojan-activity;sid:84027916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3163126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.16.102.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_08; reference:url, urlhaus.abuse.ch/url/3163126/; classtype:trojan-activity;sid:84026226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154718)"; flow:established,from_client; content:"GET"; http_method; content:"/hackirby/discord-injection/main/injection.js"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154718/; classtype:trojan-activity;sid:84017818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3153310)"; flow:established,from_client; content:"GET"; http_method; content:"/fastjson.class"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.219.134.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_02; reference:url, urlhaus.abuse.ch/url/3153310/; classtype:trojan-activity;sid:84016410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138431)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138431/; classtype:trojan-activity;sid:84001531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138430)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138430/; classtype:trojan-activity;sid:84001530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138428)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138428/; classtype:trojan-activity;sid:84001528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138429)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138429/; classtype:trojan-activity;sid:84001529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138426)"; flow:established,from_client; content:"GET"; http_method; content:"/clean"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138426/; classtype:trojan-activity;sid:84001526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3138268)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.156.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_01; reference:url, urlhaus.abuse.ch/url/3138268/; classtype:trojan-activity;sid:84001368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3137563)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_31; reference:url, urlhaus.abuse.ch/url/3137563/; classtype:trojan-activity;sid:84000663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135722)"; flow:established,from_client; content:"GET"; http_method; content:"/sosinchik/asd/main/zoom.py"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135722/; classtype:trojan-activity;sid:83998822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135724)"; flow:established,from_client; content:"GET"; http_method; content:"/moneroocean/xmrig_setup/master/setup_moneroocean_miner.sh"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135724/; classtype:trojan-activity;sid:83998824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135725)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/dsfuwqu/main/zombie"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135725/; classtype:trojan-activity;sid:83998825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135613)"; flow:established,from_client; content:"GET"; http_method; content:"/log/orgn.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"epanpano.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135613/; classtype:trojan-activity;sid:83998713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134374)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/wnbsqv3008.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"soft.wsyhn.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134374/; classtype:trojan-activity;sid:83997474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134371)"; flow:established,from_client; content:"GET"; http_method; content:"/qqhelper_1540.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"down.qqfarmer.com.cn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134371/; classtype:trojan-activity;sid:83997471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134368)"; flow:established,from_client; content:"GET"; http_method; content:"/login/1188%e7%83%88%e7%84%b0.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"cdn.ly.9377.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134368/; classtype:trojan-activity;sid:83997468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134001)"; flow:established,from_client; content:"GET"; http_method; content:"/143/bot/sj.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.haory.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134001/; classtype:trojan-activity;sid:83997101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129654)"; flow:established,from_client; content:"GET"; http_method; content:"/nova_flow/patcher.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"144.172.71.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129654/; classtype:trojan-activity;sid:83992754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129592)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%8b%8d%e7%89%8c%e4%b8%93%e4%b8%9a%e7%89%88.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"ini.sh-pp.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129592/; classtype:trojan-activity;sid:83992692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129577)"; flow:established,from_client; content:"GET"; http_method; content:"/pages/update/css/self/[upg]css.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"cs.go.kg"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129577/; classtype:trojan-activity;sid:83992677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129478)"; flow:established,from_client; content:"GET"; http_method; content:"/zoldownload/foobar2000_v1.6.7_beta_17@1704_129472.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"down10d.zol.com.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129478/; classtype:trojan-activity;sid:83992578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129422)"; flow:established,from_client; content:"GET"; http_method; content:"/tjqdq.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.249.193.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129422/; classtype:trojan-activity;sid:83992522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129421)"; flow:established,from_client; content:"GET"; http_method; content:"/test/restart1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.aqianniao.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129421/; classtype:trojan-activity;sid:83992521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129417)"; flow:established,from_client; content:"GET"; http_method; content:"/asmedises/pxray_cast_sort.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.medises.co.kr"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129417/; classtype:trojan-activity;sid:83992517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129223)"; flow:established,from_client; content:"GET"; http_method; content:"/enp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adf6.adf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129223/; classtype:trojan-activity;sid:83992323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129220)"; flow:established,from_client; content:"GET"; http_method; content:"/media/mod_junewsultra/js/bootstrap/js/bootstrap.min.js"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"temirtau-adm.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129220/; classtype:trojan-activity;sid:83992320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129042)"; flow:established,from_client; content:"GET"; http_method; content:"/yuta1111x/selfbot/04ecdf46e8db9fce689d93905d759334b475c825/aquarius.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129042/; classtype:trojan-activity;sid:83992142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127950)"; flow:established,from_client; content:"GET"; http_method; content:"/greetings/greetings1/wow.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127950/; classtype:trojan-activity;sid:83991050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127898)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pyld611114.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127898/; classtype:trojan-activity;sid:83990998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127897)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identification-1.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127897/; classtype:trojan-activity;sid:83990997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127896)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/purlog.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127896/; classtype:trojan-activity;sid:83990996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127894)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mswgoudnv.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127894/; classtype:trojan-activity;sid:83990994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127893)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ven_protected.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127893/; classtype:trojan-activity;sid:83990993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127892)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/surfex.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127892/; classtype:trojan-activity;sid:83990992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127891)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gagagggagagag.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127891/; classtype:trojan-activity;sid:83990991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127795)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/install2.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127795/; classtype:trojan-activity;sid:83990895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127791)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/t3.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127791/; classtype:trojan-activity;sid:83990891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127789)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/winn.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127789/; classtype:trojan-activity;sid:83990889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127787)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/explorer.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127787/; classtype:trojan-activity;sid:83990887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3127788)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/new1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_25; reference:url, urlhaus.abuse.ch/url/3127788/; classtype:trojan-activity;sid:83990888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3126010)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2021-3156.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"20.243.255.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3126010/; classtype:trojan-activity;sid:83989110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125901)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2021-3156.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"20.243.255.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125901/; classtype:trojan-activity;sid:83989001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125605)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/indentif.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125605/; classtype:trojan-activity;sid:83988705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125604)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/s%d0%b5tu%d1%80111.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125604/; classtype:trojan-activity;sid:83988704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125603)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/xxxx.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125603/; classtype:trojan-activity;sid:83988703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125602)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/windowsui.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125602/; classtype:trojan-activity;sid:83988702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125601)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/lummac22222.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125601/; classtype:trojan-activity;sid:83988701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3125598)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_default2.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_24; reference:url, urlhaus.abuse.ch/url/3125598/; classtype:trojan-activity;sid:83988698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3121905)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/caricatured.emz"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"jahez.me"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_22; reference:url, urlhaus.abuse.ch/url/3121905/; classtype:trojan-activity;sid:83985005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3121906)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/azdbzliddkt187.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"jahez.me"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_22; reference:url, urlhaus.abuse.ch/url/3121906/; classtype:trojan-activity;sid:83985006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3120967)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vn70wvxw.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3120967/; classtype:trojan-activity;sid:83984067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3120608)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted8888.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3120608/; classtype:trojan-activity;sid:83983708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3120496)"; flow:established,from_client; content:"GET"; http_method; content:"/download/ru/downloader.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ldcdn.ldmnq.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3120496/; classtype:trojan-activity;sid:83983596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118411)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_daval.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118411/; classtype:trojan-activity;sid:83981511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117673)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/meta.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117673/; classtype:trojan-activity;sid:83980773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117555)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identification.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117555/; classtype:trojan-activity;sid:83980655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117553)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/channel.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117553/; classtype:trojan-activity;sid:83980653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117554)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clcs.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117554/; classtype:trojan-activity;sid:83980654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117551)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/seo.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117551/; classtype:trojan-activity;sid:83980651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117550)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/coreplugin.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117550/; classtype:trojan-activity;sid:83980650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3117549)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/diskutility.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3117549/; classtype:trojan-activity;sid:83980649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3115896)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/drchoe.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_19; reference:url, urlhaus.abuse.ch/url/3115896/; classtype:trojan-activity;sid:83978996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112853)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/set-up.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112853/; classtype:trojan-activity;sid:83975953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112844)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/battlegermany.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112844/; classtype:trojan-activity;sid:83975944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112728)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3546345.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112728/; classtype:trojan-activity;sid:83975828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112688)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/channel1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112688/; classtype:trojan-activity;sid:83975788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112427)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.104.213.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112427/; classtype:trojan-activity;sid:83975527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112426)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.29.120.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112426/; classtype:trojan-activity;sid:83975526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112419)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112419/; classtype:trojan-activity;sid:83975519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112420)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112420/; classtype:trojan-activity;sid:83975520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112408)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.118.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112408/; classtype:trojan-activity;sid:83975508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112410)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.118.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112410/; classtype:trojan-activity;sid:83975510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112411)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.118.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112411/; classtype:trojan-activity;sid:83975511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112412)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.118.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112412/; classtype:trojan-activity;sid:83975512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112414)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.118.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112414/; classtype:trojan-activity;sid:83975514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112415)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.118.19.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112415/; classtype:trojan-activity;sid:83975515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112417)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.121.250.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112417/; classtype:trojan-activity;sid:83975517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3111151)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/contorax.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3111151/; classtype:trojan-activity;sid:83974251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110939)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/survox.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110939/; classtype:trojan-activity;sid:83974039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110852)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.108.142.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110852/; classtype:trojan-activity;sid:83973952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110838)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.230.25.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110838/; classtype:trojan-activity;sid:83973938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110832)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.134.163.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110832/; classtype:trojan-activity;sid:83973932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110626)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.14.213.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110626/; classtype:trojan-activity;sid:83973726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110487)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/runtime.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110487/; classtype:trojan-activity;sid:83973587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110485)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gsprout.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110485/; classtype:trojan-activity;sid:83973585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110484)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stub.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110484/; classtype:trojan-activity;sid:83973584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110482)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/file1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110482/; classtype:trojan-activity;sid:83973582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110483)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/js.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110483/; classtype:trojan-activity;sid:83973583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110402)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mobiletrans.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110402/; classtype:trojan-activity;sid:83973502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110401)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/zzzz1.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110401/; classtype:trojan-activity;sid:83973501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110396)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/5_6190317556063017550.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110396/; classtype:trojan-activity;sid:83973496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110397)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pctoccurred.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110397/; classtype:trojan-activity;sid:83973497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110398)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/doc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110398/; classtype:trojan-activity;sid:83973498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110399)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110399/; classtype:trojan-activity;sid:83973499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110400)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rorukal.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110400/; classtype:trojan-activity;sid:83973500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110389)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/northsperm.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110389/; classtype:trojan-activity;sid:83973489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110390)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mepaxil.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110390/; classtype:trojan-activity;sid:83973490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110392)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/semiconductornot.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110392/; classtype:trojan-activity;sid:83973492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110393)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/scheduledllama.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110393/; classtype:trojan-activity;sid:83973493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3110394)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/14082024.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3110394/; classtype:trojan-activity;sid:83973494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109981)"; flow:established,from_client; content:"GET"; http_method; content:"/in/2041.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109981/; classtype:trojan-activity;sid:83973081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109982)"; flow:established,from_client; content:"GET"; http_method; content:"/in/204.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109982/; classtype:trojan-activity;sid:83973082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109697)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109697/; classtype:trojan-activity;sid:83972797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109452)"; flow:established,from_client; content:"GET"; http_method; content:"/images/002/537/415/full/whatsapp-logo-3-1.png|3f|1584245765"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109452/; classtype:trojan-activity;sid:83972552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109453)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/140/933/full/capturar.jpg|3f|1616184212"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109453/; classtype:trojan-activity;sid:83972553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109449)"; flow:established,from_client; content:"GET"; http_method; content:"/images/001/967/434/thumb/button.png"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109449/; classtype:trojan-activity;sid:83972549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109439)"; flow:established,from_client; content:"GET"; http_method; content:"/images/001/752/720/original/granitex.jpg|3f|1543516565"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109439/; classtype:trojan-activity;sid:83972539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109425)"; flow:established,from_client; content:"GET"; http_method; content:"/images/001/881/106/original/youtube.png|3f|1549480063"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109425/; classtype:trojan-activity;sid:83972525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109428)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/620/770/original/f284.jpg|3f|1641668895"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109428/; classtype:trojan-activity;sid:83972528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109406)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/956/295/thumb/mplogo22.png|3f|1658783084"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109406/; classtype:trojan-activity;sid:83972506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109396)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/551/147/original/sky8.png|3f|1689864217"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109396/; classtype:trojan-activity;sid:83972496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109381)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/912/781/thumb/logomp.png|3f|1655966639"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109381/; classtype:trojan-activity;sid:83972481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109382)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/612/441/full/3.png|3f|1695085716"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109382/; classtype:trojan-activity;sid:83972482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109370)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/415/079/original/imagemtimfinal.png|3f|168039419"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109370/; classtype:trojan-activity;sid:83972470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109366)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/770/199/full/logo-meli-br_2x.png|3f|1647201315"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109366/; classtype:trojan-activity;sid:83972466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109348)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/191/985/thumb/logo_evolo.png|3f|1669730114"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109348/; classtype:trojan-activity;sid:83972448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109330)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/002/623/original/sky8.png|3f|1661860465"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109330/; classtype:trojan-activity;sid:83972430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109314)"; flow:established,from_client; content:"GET"; http_method; content:"/images/002/976/790/full/cef.png|3f|1606180852"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109314/; classtype:trojan-activity;sid:83972414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109309)"; flow:established,from_client; content:"GET"; http_method; content:"/images/001/031/327/full/qpppppppppp.png|3f|1502141344"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109309/; classtype:trojan-activity;sid:83972409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109303)"; flow:established,from_client; content:"GET"; http_method; content:"/images/001/980/628/full/logo_it_9as8d7f.png|3f|1553264394"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109303/; classtype:trojan-activity;sid:83972403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109299)"; flow:established,from_client; content:"GET"; http_method; content:"/images/003/972/981/full/manoel_santos.png|3f|1659978692"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109299/; classtype:trojan-activity;sid:83972399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109300)"; flow:established,from_client; content:"GET"; http_method; content:"/images/000/889/191/full/cntt_prem.jpg|3f|1492018078"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109300/; classtype:trojan-activity;sid:83972400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109297)"; flow:established,from_client; content:"GET"; http_method; content:"/images/002/953/380/full/14pontos14jogos.jpeg|3f|1604940236"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109297/; classtype:trojan-activity;sid:83972397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109291)"; flow:established,from_client; content:"GET"; http_method; content:"/images/002/857/684/full/arte_oficial.jpg|3f|1598893173"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109291/; classtype:trojan-activity;sid:83972391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109280)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/039/779/full/amendujt.png|3f|1664339064"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109280/; classtype:trojan-activity;sid:83972380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109270)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/759/645/original/0004.jpg|3f|1711126095"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109270/; classtype:trojan-activity;sid:83972370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109264)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/382/855/full/liveptsveasbrad.jpg|3f|1678339424"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109264/; classtype:trojan-activity;sid:83972364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109072)"; flow:established,from_client; content:"GET"; http_method; content:"/download/new_image/new_image.jpg"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109072/; classtype:trojan-activity;sid:83972172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108504)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/webcam.dll"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108504/; classtype:trojan-activity;sid:83971604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108505)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108505/; classtype:trojan-activity;sid:83971605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108506)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/rootkit.dll"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108506/; classtype:trojan-activity;sid:83971606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108507)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/unrootkit.dll"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108507/; classtype:trojan-activity;sid:83971607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108503)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108503/; classtype:trojan-activity;sid:83971603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108502)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/version.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108502/; classtype:trojan-activity;sid:83971602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108491)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/openark32.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108491/; classtype:trojan-activity;sid:83971591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108459)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/robotic.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108459/; classtype:trojan-activity;sid:83971559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106840)"; flow:established,from_client; content:"GET"; http_method; content:"/tool/extreme%20injector%20v3.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"124.220.235.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106840/; classtype:trojan-activity;sid:83969940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106560)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http:/154.216.19.139/bins/mirai.armv4l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106560/; classtype:trojan-activity;sid:83969660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106559)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http:/154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106559/; classtype:trojan-activity;sid:83969659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106558)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http:/154.216.19.139/bins/mirai.bin"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106558/; classtype:trojan-activity;sid:83969658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106556)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http:/154.216.19.139/bins/mirai.armv6l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106556/; classtype:trojan-activity;sid:83969656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106557)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http:/154.216.19.139/bins/mirai.arc"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106557/; classtype:trojan-activity;sid:83969657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106551)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http:/154.216.19.139/bins/mirai.x86_64"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106551/; classtype:trojan-activity;sid:83969651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106552)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http:/154.216.19.139/bins/mirai.armv7l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106552/; classtype:trojan-activity;sid:83969652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106553)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120945if_/http:/154.216.19.139/bins/mirai.armv5l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106553/; classtype:trojan-activity;sid:83969653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106554)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http:/154.216.19.139/bins/mirai.powerpc"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106554/; classtype:trojan-activity;sid:83969654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106555)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http:/154.216.19.139/bins/mirai.mipsel"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106555/; classtype:trojan-activity;sid:83969655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106396)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/msedge.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106396/; classtype:trojan-activity;sid:83969496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105147)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_move.bat"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105147/; classtype:trojan-activity;sid:83968247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105148)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_virus.bat"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105148/; classtype:trojan-activity;sid:83968248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105149)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/keylogger.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105149/; classtype:trojan-activity;sid:83968249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105150)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/networks_profile.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105150/; classtype:trojan-activity;sid:83968250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105145)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/backdoor.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105145/; classtype:trojan-activity;sid:83968245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105146)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_move.bat"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105146/; classtype:trojan-activity;sid:83968246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103617)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/out_test_sig.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103617/; classtype:trojan-activity;sid:83966717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103488)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103488/; classtype:trojan-activity;sid:83966588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103489)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103489/; classtype:trojan-activity;sid:83966589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103483)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.148.140.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103483/; classtype:trojan-activity;sid:83966583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103476)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103476/; classtype:trojan-activity;sid:83966576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103467)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103467/; classtype:trojan-activity;sid:83966567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103463)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.10.240.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103463/; classtype:trojan-activity;sid:83966563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103368)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.92.101.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103368/; classtype:trojan-activity;sid:83966468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103197)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cookie250.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103197/; classtype:trojan-activity;sid:83966297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3102707)"; flow:established,from_client; content:"GET"; http_method; content:"/images/blink"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"117.250.224.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3102707/; classtype:trojan-activity;sid:83965807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3102194)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/nano.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3102194/; classtype:trojan-activity;sid:83965294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3102108)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1111.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3102108/; classtype:trojan-activity;sid:83965208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101697)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/identifications.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101697/; classtype:trojan-activity;sid:83964797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101696)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pimer_bbbcontents7.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101696/; classtype:trojan-activity;sid:83964796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101202)"; flow:established,from_client; content:"GET"; http_method; content:"/installkitnew90/setupnew3/raw/5b5d1a339e750dfcc24fd8a7805629dd300db45b/g2m.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101202/; classtype:trojan-activity;sid:83964302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101203)"; flow:established,from_client; content:"GET"; http_method; content:"/installkitnew90/setupnew3/raw/f6a9d2071e5b6947d79a7e0bba8e57326fcd76e9/aperturelab.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101203/; classtype:trojan-activity;sid:83964303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3101087)"; flow:established,from_client; content:"GET"; http_method; content:"/installkitnew90/setupnew3/releases/download/setupnew/install.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3101087/; classtype:trojan-activity;sid:83964187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100622)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/request.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_11; reference:url, urlhaus.abuse.ch/url/3100622/; classtype:trojan-activity;sid:83963722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100103)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthclient.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100103/; classtype:trojan-activity;sid:83963203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100102)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100102/; classtype:trojan-activity;sid:83963202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100100)"; flow:established,from_client; content:"GET"; http_method; content:"/ggwsupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100100/; classtype:trojan-activity;sid:83963200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100042)"; flow:established,from_client; content:"GET"; http_method; content:"/joelgmsec/invoke-stealth/main/resources/betterxencrypt/betterxencrypt.ps1"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100042/; classtype:trojan-activity;sid:83963142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099961)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http:/154.216.19.139/bins/mirai.sh4"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099961/; classtype:trojan-activity;sid:83963061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099962)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http:/154.216.19.139/bins/mirai.i586"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099962/; classtype:trojan-activity;sid:83963062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099963)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http:/154.216.19.139/bins/mirai.sparc"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099963/; classtype:trojan-activity;sid:83963063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099965)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http:/154.216.19.139/bins/mirai.m68k"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099965/; classtype:trojan-activity;sid:83963065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099966)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http:/154.216.19.139/bins/mirai.mips"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099966/; classtype:trojan-activity;sid:83963066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099960)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http:/154.216.19.139/bins/mirai.i686"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099960/; classtype:trojan-activity;sid:83963060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099818)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/authenticator222.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099818/; classtype:trojan-activity;sid:83962918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099812)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/annesalt.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099812/; classtype:trojan-activity;sid:83962912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099813)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/considerablewinners.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099813/; classtype:trojan-activity;sid:83962913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099814)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/uhigdbf.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099814/; classtype:trojan-activity;sid:83962914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099815)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/redsystem.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099815/; classtype:trojan-activity;sid:83962915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099816)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/yoyf.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099816/; classtype:trojan-activity;sid:83962916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099810)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/vhpcde.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099810/; classtype:trojan-activity;sid:83962910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099811)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cudo.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099811/; classtype:trojan-activity;sid:83962911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099808)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/300.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099808/; classtype:trojan-activity;sid:83962908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099809)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/343dsxs.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099809/; classtype:trojan-activity;sid:83962909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099807)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/amadey.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099807/; classtype:trojan-activity;sid:83962907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099776)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/team.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099776/; classtype:trojan-activity;sid:83962876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099772)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/consoleapp3.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099772/; classtype:trojan-activity;sid:83962872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099774)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/client.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099774/; classtype:trojan-activity;sid:83962874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099762)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/opdxdyeul.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099762/; classtype:trojan-activity;sid:83962862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099760)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/06082025.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099760/; classtype:trojan-activity;sid:83962860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097429)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/operation6572.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097429/; classtype:trojan-activity;sid:83960529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097297)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/armadegon.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097297/; classtype:trojan-activity;sid:83960397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097244)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http://154.216.19.139/bins/mirai.bin"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097244/; classtype:trojan-activity;sid:83960344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097239)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http://154.216.19.139/bins/mirai.x86_64"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097239/; classtype:trojan-activity;sid:83960339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097240)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http://154.216.19.139/bins/mirai.armv6l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097240/; classtype:trojan-activity;sid:83960340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097241)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http://154.216.19.139/bins/mirai.i586"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097241/; classtype:trojan-activity;sid:83960341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097242)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http://154.216.19.139/bins/mirai.sparc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097242/; classtype:trojan-activity;sid:83960342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097243)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http://154.216.19.139/bins/mirai.i686"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097243/; classtype:trojan-activity;sid:83960343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097229)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http://154.216.19.139/bins/mirai.powerpc"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097229/; classtype:trojan-activity;sid:83960329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097230)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http://154.216.19.139/bins/mirai.m68k"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097230/; classtype:trojan-activity;sid:83960330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097231)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http://154.216.19.139/bins/mirai.armv7l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097231/; classtype:trojan-activity;sid:83960331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097232)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http://154.216.19.139/bins/mirai.arc"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097232/; classtype:trojan-activity;sid:83960332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097233)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http://154.216.19.139/bins/mirai.sh4"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097233/; classtype:trojan-activity;sid:83960333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097234)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http://154.216.19.139/bins/mirai.mipsel"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097234/; classtype:trojan-activity;sid:83960334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097235)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120945if_/http://154.216.19.139/bins/mirai.armv5l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097235/; classtype:trojan-activity;sid:83960335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097236)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http://154.216.19.139/bins/mirai.armv4l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097236/; classtype:trojan-activity;sid:83960336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097237)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http://154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097237/; classtype:trojan-activity;sid:83960337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097238)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http://154.216.19.139/bins/mirai.mips"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097238/; classtype:trojan-activity;sid:83960338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097110)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/rage.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097110/; classtype:trojan-activity;sid:83960210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/1.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"inspirepk.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096571/; classtype:trojan-activity;sid:83959671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096545)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/30072024.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096545/; classtype:trojan-activity;sid:83959645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096542)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/kitty.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096542/; classtype:trojan-activity;sid:83959642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096543)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_default.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096543/; classtype:trojan-activity;sid:83959643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096428)"; flow:established,from_client; content:"GET"; http_method; content:"/d/filecontains.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096428/; classtype:trojan-activity;sid:83959528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096417)"; flow:established,from_client; content:"GET"; http_method; content:"/d/filecontains.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vmi1547155.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096417/; classtype:trojan-activity;sid:83959517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096404)"; flow:established,from_client; content:"GET"; http_method; content:"/d/filecontains.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096404/; classtype:trojan-activity;sid:83959504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3096385)"; flow:established,from_client; content:"GET"; http_method; content:"/d/filecontains.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"144.91.79.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_08; reference:url, urlhaus.abuse.ch/url/3096385/; classtype:trojan-activity;sid:83959485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3094790)"; flow:established,from_client; content:"GET"; http_method; content:"/latest.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.9.35.70"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3094790/; classtype:trojan-activity;sid:83957890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3094781)"; flow:established,from_client; content:"GET"; http_method; content:"/logon.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.15.9.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3094781/; classtype:trojan-activity;sid:83957881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093388)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.153.222.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093388/; classtype:trojan-activity;sid:83956488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093191)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.243.175.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093191/; classtype:trojan-activity;sid:83956291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093077)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.2.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093077/; classtype:trojan-activity;sid:83956177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093012)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.200.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093012/; classtype:trojan-activity;sid:83956112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089687)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/clsid.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_05; reference:url, urlhaus.abuse.ch/url/3089687/; classtype:trojan-activity;sid:83952787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3089612)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/3544436.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_05; reference:url, urlhaus.abuse.ch/url/3089612/; classtype:trojan-activity;sid:83952712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088913)"; flow:established,from_client; content:"GET"; http_method; content:"/%5bwww.ghxi.com%5d%e7%93%9c%e5%ad%90%e5%bd%b1%e8%a7%86v2_v1.9.1.1.apk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"47.109.77.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088913/; classtype:trojan-activity;sid:83952013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088911)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%88%91%e7%9a%84%e7%94%b5%e8%a7%86tv-v2.1.8-%e5%85%8d%e8%b4%b9%e7%ba%af%e5%87%80%e7%89%88.apk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"47.109.77.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088911/; classtype:trojan-activity;sid:83952011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088858)"; flow:established,from_client; content:"GET"; http_method; content:"/1722087714.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.116.192.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088858/; classtype:trojan-activity;sid:83951958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088857)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.116.192.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088857/; classtype:trojan-activity;sid:83951957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088158)"; flow:established,from_client; content:"GET"; http_method; content:"//1.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088158/; classtype:trojan-activity;sid:83951258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3087715)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/cbmefxrmnv.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3087715/; classtype:trojan-activity;sid:83950815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3087662)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/systems.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3087662/; classtype:trojan-activity;sid:83950762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3087649)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3087649/; classtype:trojan-activity;sid:83950749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086916)"; flow:established,from_client; content:"GET"; http_method; content:"/fucksupershell"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"park.chuitian.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086916/; classtype:trojan-activity;sid:83950016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086914)"; flow:established,from_client; content:"GET"; http_method; content:"/fucksupershell"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rd.chuitian.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086914/; classtype:trojan-activity;sid:83950014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086908)"; flow:established,from_client; content:"GET"; http_method; content:"/rssh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rd.chuitian.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086908/; classtype:trojan-activity;sid:83950008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086907)"; flow:established,from_client; content:"GET"; http_method; content:"/rssh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"park.chuitian.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086907/; classtype:trojan-activity;sid:83950007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086906)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/rssh"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"rd.chuitian.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086906/; classtype:trojan-activity;sid:83950006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086899)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/x64"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"ciscocdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086899/; classtype:trojan-activity;sid:83949999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086854)"; flow:established,from_client; content:"GET"; http_method; content:"/d2/cdclient.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"dld.jxwan.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086854/; classtype:trojan-activity;sid:83949954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086853)"; flow:established,from_client; content:"GET"; http_method; content:"/d2/x64.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dld.jxwan.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086853/; classtype:trojan-activity;sid:83949953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086850)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1//three-daisies.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086850/; classtype:trojan-activity;sid:83949950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086851)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1//yellow-rose.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086851/; classtype:trojan-activity;sid:83949951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086849)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1//smell-the-roses.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086849/; classtype:trojan-activity;sid:83949949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086848)"; flow:established,from_client; content:"GET"; http_method; content:"/down/tb/tb.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086848/; classtype:trojan-activity;sid:83949948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086847)"; flow:established,from_client; content:"GET"; http_method; content:"/down/jf/jf.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086847/; classtype:trojan-activity;sid:83949947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086846)"; flow:established,from_client; content:"GET"; http_method; content:"/greetings//greetings1/wow.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086846/; classtype:trojan-activity;sid:83949946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086843)"; flow:established,from_client; content:"GET"; http_method; content:"/greetings//greetings1/hiya.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086843/; classtype:trojan-activity;sid:83949943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086829)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//jet.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086829/; classtype:trojan-activity;sid:83949929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086830)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//sunset1.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086830/; classtype:trojan-activity;sid:83949930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086831)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1/china.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086831/; classtype:trojan-activity;sid:83949931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086832)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//foggy-mountains.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086832/; classtype:trojan-activity;sid:83949932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086833)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//mountain-pasture.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086833/; classtype:trojan-activity;sid:83949933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086828)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1//china.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086828/; classtype:trojan-activity;sid:83949928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086419)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%e6%a4%8d%e7%89%a9%e5%a4%a7%e6%88%98%e5%83%b5%e5%b0%b82%e4%bf%ae%e6%94%b9%e5%99%a8.exe"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086419/; classtype:trojan-activity;sid:83949519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086416)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/x64"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"43.134.118.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086416/; classtype:trojan-activity;sid:83949516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086415)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%e6%88%91%e7%9a%84%e4%b8%96%e7%95%8c_%e5%ad%a4%e5%b2%9b%e6%83%8a%e9%ad%823.exe"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086415/; classtype:trojan-activity;sid:83949515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086407)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/2.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086407/; classtype:trojan-activity;sid:83949507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086408)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%e5%b0%8f%e9%b8%a1%e5%85%a5%e4%be%b5%e8%80%853.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086408/; classtype:trojan-activity;sid:83949508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086405)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%e7%8b%99%e5%87%bb%e6%89%8b_%e5%b9%bd%e7%81%b5%e6%88%98%e5%a3%ab2%e7%ae%80%e4%bd%93%e4%b8%ad%e6%96%87%e7%89%88.exe"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086405/; classtype:trojan-activity;sid:83949505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086403)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/3=====.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086403/; classtype:trojan-activity;sid:83949503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086395)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/3.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086395/; classtype:trojan-activity;sid:83949495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086388)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/n"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"43.134.118.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086388/; classtype:trojan-activity;sid:83949488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086390)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%5bwin"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086390/; classtype:trojan-activity;sid:83949490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083844)"; flow:established,from_client; content:"GET"; http_method; content:"/store_app/guardservice.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sgz-1302338321.cos.ap-guangzhou.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083844/; classtype:trojan-activity;sid:83946944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083792)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/23c2343.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083792/; classtype:trojan-activity;sid:83946892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083790)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-24_23-16.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083790/; classtype:trojan-activity;sid:83946890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083248)"; flow:established,from_client; content:"GET"; http_method; content:"/view.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3083248/; classtype:trojan-activity;sid:83946348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083247)"; flow:established,from_client; content:"GET"; http_method; content:"/installer.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sister-1324943887.cos.ap-guangzhou.myqcloud.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3083247/; classtype:trojan-activity;sid:83946347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081942)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/jsawdtyjde.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3081942/; classtype:trojan-activity;sid:83945042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081941)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/mynewrdx.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3081941/; classtype:trojan-activity;sid:83945041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081930)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4434.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_01; reference:url, urlhaus.abuse.ch/url/3081930/; classtype:trojan-activity;sid:83945030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3081269)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_31; reference:url, urlhaus.abuse.ch/url/3081269/; classtype:trojan-activity;sid:83944369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079797)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.147.132.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079797/; classtype:trojan-activity;sid:83942897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079460)"; flow:established,from_client; content:"GET"; http_method; content:"/webdav"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079460/; classtype:trojan-activity;sid:83942560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3079150)"; flow:established,from_client; content:"GET"; http_method; content:"/steam/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3079150/; classtype:trojan-activity;sid:83942250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3078753)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/postbox.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3078753/; classtype:trojan-activity;sid:83941853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3078669)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/stealc_valenciga.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_30; reference:url, urlhaus.abuse.ch/url/3078669/; classtype:trojan-activity;sid:83941769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075283)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/authenticator.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075283/; classtype:trojan-activity;sid:83938383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075047)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/anticheat.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075047/; classtype:trojan-activity;sid:83938147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3075049)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build_2024-07-27_00-41.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3075049/; classtype:trojan-activity;sid:83938149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3074802)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhostc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_28; reference:url, urlhaus.abuse.ch/url/3074802/; classtype:trojan-activity;sid:83937902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072990)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072990/; classtype:trojan-activity;sid:83936090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072974)"; flow:established,from_client; content:"GET"; http_method; content:"/adrinnno/ptwis/raw/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072974/; classtype:trojan-activity;sid:83936074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072975)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/raw/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072975/; classtype:trojan-activity;sid:83936075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072978)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/raw/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072978/; classtype:trojan-activity;sid:83936078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072969)"; flow:established,from_client; content:"GET"; http_method; content:"/deannwas/policah/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072969/; classtype:trojan-activity;sid:83936069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072970)"; flow:established,from_client; content:"GET"; http_method; content:"/trevsglass/morna/main/ref_ba0929399122_pdf.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072970/; classtype:trojan-activity;sid:83936070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072971)"; flow:established,from_client; content:"GET"; http_method; content:"/trevsglass/morna/raw/main/ref_ba0929399122_pdf.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072971/; classtype:trojan-activity;sid:83936071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072972)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072972/; classtype:trojan-activity;sid:83936072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072973)"; flow:established,from_client; content:"GET"; http_method; content:"/grayinv/henidus/raw/main/transaction_end_ids_58788719853478_pdf.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072973/; classtype:trojan-activity;sid:83936073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072521)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072521/; classtype:trojan-activity;sid:83935621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071940)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071940/; classtype:trojan-activity;sid:83935040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071939)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pharmaciesdetection.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071939/; classtype:trojan-activity;sid:83935039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3071844)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/influencednervous.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3071844/; classtype:trojan-activity;sid:83934944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069829)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069829/; classtype:trojan-activity;sid:83932929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069729)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069729/; classtype:trojan-activity;sid:83932829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069502)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069502/; classtype:trojan-activity;sid:83932602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069334)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069334/; classtype:trojan-activity;sid:83932434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069309)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069309/; classtype:trojan-activity;sid:83932409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069242)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069242/; classtype:trojan-activity;sid:83932342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069118)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069118/; classtype:trojan-activity;sid:83932218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3069085)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3069085/; classtype:trojan-activity;sid:83932185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068965)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eoufaoeuhoauengi.su"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068965/; classtype:trojan-activity;sid:83932065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068844)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt/2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068844/; classtype:trojan-activity;sid:83931944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068754)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068754/; classtype:trojan-activity;sid:83931854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068733)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068733/; classtype:trojan-activity;sid:83931833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068699)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068699/; classtype:trojan-activity;sid:83931799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068694)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068694/; classtype:trojan-activity;sid:83931794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068658)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068658/; classtype:trojan-activity;sid:83931758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068643)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068643/; classtype:trojan-activity;sid:83931743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068595)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068595/; classtype:trojan-activity;sid:83931695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068598)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068598/; classtype:trojan-activity;sid:83931698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068584)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068584/; classtype:trojan-activity;sid:83931684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068569)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068569/; classtype:trojan-activity;sid:83931669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068548)"; flow:established,from_client; content:"GET"; http_method; content:"/r.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068548/; classtype:trojan-activity;sid:83931648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068538)"; flow:established,from_client; content:"GET"; http_method; content:"/pp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068538/; classtype:trojan-activity;sid:83931638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068540)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068540/; classtype:trojan-activity;sid:83931640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068541)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068541/; classtype:trojan-activity;sid:83931641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068544)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068544/; classtype:trojan-activity;sid:83931644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068535)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068535/; classtype:trojan-activity;sid:83931635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068352)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/decryptjohn.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068352/; classtype:trojan-activity;sid:83931452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3068353)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/server.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_26; reference:url, urlhaus.abuse.ch/url/3068353/; classtype:trojan-activity;sid:83931453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067426)"; flow:established,from_client; content:"GET"; http_method; content:"/well/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067426/; classtype:trojan-activity;sid:83930526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067427)"; flow:established,from_client; content:"GET"; http_method; content:"/soka/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067427/; classtype:trojan-activity;sid:83930527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067318)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/2020.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067318/; classtype:trojan-activity;sid:83930418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067316)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/gawdth.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067316/; classtype:trojan-activity;sid:83930416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067315)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/4ck3rr.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067315/; classtype:trojan-activity;sid:83930415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067314)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/pered.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067314/; classtype:trojan-activity;sid:83930414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067313)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/25072023.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067313/; classtype:trojan-activity;sid:83930413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067312)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/svhosts.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067312/; classtype:trojan-activity;sid:83930412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067309)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/build.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067309/; classtype:trojan-activity;sid:83930409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3067308)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/crypted.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.215.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_25; reference:url, urlhaus.abuse.ch/url/3067308/; classtype:trojan-activity;sid:83930408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063290)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.123.89.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063290/; classtype:trojan-activity;sid:83926390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052814)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"106.15.239.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052814/; classtype:trojan-activity;sid:83915914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052707/; classtype:trojan-activity;sid:83915807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052706)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.248.47.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052706/; classtype:trojan-activity;sid:83915806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052415/; classtype:trojan-activity;sid:83915515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052412/; classtype:trojan-activity;sid:83915512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimilib.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052413/; classtype:trojan-activity;sid:83915513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimidrv.sys"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052414/; classtype:trojan-activity;sid:83915514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052395/; classtype:trojan-activity;sid:83915495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052400/; classtype:trojan-activity;sid:83915500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052392/; classtype:trojan-activity;sid:83915492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052393/; classtype:trojan-activity;sid:83915493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052394/; classtype:trojan-activity;sid:83915494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045166)"; flow:established,from_client; content:"GET"; http_method; content:"/tdrpload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045166/; classtype:trojan-activity;sid:83908266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3045169)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_07_15; reference:url, urlhaus.abuse.ch/url/3045169/; classtype:trojan-activity;sid:83908269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968688)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader1.1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968688/; classtype:trojan-activity;sid:83831788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968679)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/12.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968679/; classtype:trojan-activity;sid:83831779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968678)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/22.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968678/; classtype:trojan-activity;sid:83831778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949407)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999safagqwhg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949407/; classtype:trojan-activity;sid:83812507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949406)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949406/; classtype:trojan-activity;sid:83812506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949385)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rsqnkyvcaein5m-gskl8coyuh8w5xrbd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949385/; classtype:trojan-activity;sid:83812485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949176)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999asgasg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949176/; classtype:trojan-activity;sid:83812276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947794/; classtype:trojan-activity;sid:83810894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.194.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947795/; classtype:trojan-activity;sid:83810895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2946132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.206.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2946132/; classtype:trojan-activity;sid:83809232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944285)"; flow:established,from_client; content:"GET"; http_method; content:"/jijilovedada/jijilovedada/main/tools/cc/adaptorovernight.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944285/; classtype:trojan-activity;sid:83807385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2943264)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.183.9.88"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2943264/; classtype:trojan-activity;sid:83806364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942725)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download//1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942725/; classtype:trojan-activity;sid:83805825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942717)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/1.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"111.231.145.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942717/; classtype:trojan-activity;sid:83805817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942718)"; flow:established,from_client; content:"GET"; http_method; content:"/fucksupershell"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.88.186.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942718/; classtype:trojan-activity;sid:83805818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942715)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/tool"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"101.35.228.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942715/; classtype:trojan-activity;sid:83805815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942714)"; flow:established,from_client; content:"GET"; http_method; content:"/rssh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"222.88.186.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942714/; classtype:trojan-activity;sid:83805814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942694)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/123.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942694/; classtype:trojan-activity;sid:83805794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942673)"; flow:established,from_client; content:"GET"; http_method; content:"//shell.elf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.96.128.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942673/; classtype:trojan-activity;sid:83805773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942671)"; flow:established,from_client; content:"GET"; http_method; content:"/gdb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.96.128.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942671/; classtype:trojan-activity;sid:83805771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942567)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942567/; classtype:trojan-activity;sid:83805667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942557)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/tool.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"101.35.228.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942557/; classtype:trojan-activity;sid:83805657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934824)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/trojan.malpack.themida%20(anti%20vm).exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934824/; classtype:trojan-activity;sid:83797924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934818)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/jigsaw.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934818/; classtype:trojan-activity;sid:83797918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934819)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/freeyoutubedownloader.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934819/; classtype:trojan-activity;sid:83797919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934820)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/memz.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934820/; classtype:trojan-activity;sid:83797920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934821)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/noescape.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934821/; classtype:trojan-activity;sid:83797921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934822)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/destover.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934822/; classtype:trojan-activity;sid:83797922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934816)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/meredrop.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934816/; classtype:trojan-activity;sid:83797916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934817)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/redlinestealer.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934817/; classtype:trojan-activity;sid:83797917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934811)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/hive%20ransomware.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934811/; classtype:trojan-activity;sid:83797911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934812)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/wannacry.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934812/; classtype:trojan-activity;sid:83797912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934813)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/nomoreransom.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934813/; classtype:trojan-activity;sid:83797913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934808)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/petya.a.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934808/; classtype:trojan-activity;sid:83797908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934809)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/cryptowall.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934809/; classtype:trojan-activity;sid:83797909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934810)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/infinitycrypt.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934810/; classtype:trojan-activity;sid:83797910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934805)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/coronavirus.exe"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934805/; classtype:trojan-activity;sid:83797905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932525)"; flow:established,from_client; content:"GET"; http_method; content:"/fotonview.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932525/; classtype:trojan-activity;sid:83795625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932524)"; flow:established,from_client; content:"GET"; http_method; content:"/evaluation.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932524/; classtype:trojan-activity;sid:83795624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932523)"; flow:established,from_client; content:"GET"; http_method; content:"/cameracomponent.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932523/; classtype:trojan-activity;sid:83795623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932522)"; flow:established,from_client; content:"GET"; http_method; content:"/kuwaitsetuphockey.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932522/; classtype:trojan-activity;sid:83795622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932521)"; flow:established,from_client; content:"GET"; http_method; content:"/officialsevaluationold.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932521/; classtype:trojan-activity;sid:83795621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932520)"; flow:established,from_client; content:"GET"; http_method; content:"/srbijasetuphokej.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932520/; classtype:trojan-activity;sid:83795620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932466)"; flow:established,from_client; content:"GET"; http_method; content:"/64.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.108.60.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932466/; classtype:trojan-activity;sid:83795566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932462)"; flow:established,from_client; content:"GET"; http_method; content:"/hooks.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hook.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932462/; classtype:trojan-activity;sid:83795562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932461)"; flow:established,from_client; content:"GET"; http_method; content:"/mpmgsvc.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hook.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932461/; classtype:trojan-activity;sid:83795561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2921858)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.254.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2921858/; classtype:trojan-activity;sid:83784958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2917510)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.23.169.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_02; reference:url, urlhaus.abuse.ch/url/2917510/; classtype:trojan-activity;sid:83780610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2916093)"; flow:established,from_client; content:"GET"; http_method; content:"/mpmgsvc.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"211.108.60.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_01; reference:url, urlhaus.abuse.ch/url/2916093/; classtype:trojan-activity;sid:83779193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914041)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"60.246.106.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914041/; classtype:trojan-activity;sid:83777141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2912423)"; flow:established,from_client; content:"GET"; http_method; content:"/tq.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssl.ftp21.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_29; reference:url, urlhaus.abuse.ch/url/2912423/; classtype:trojan-activity;sid:83775523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911222)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.3.78.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911222/; classtype:trojan-activity;sid:83774322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911219)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911219/; classtype:trojan-activity;sid:83774319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911218)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"230.sub-166-166-188.myvzw.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911218/; classtype:trojan-activity;sid:83774318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911217)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911217/; classtype:trojan-activity;sid:83774317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911215)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911215/; classtype:trojan-activity;sid:83774315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911213)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.166.188.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911213/; classtype:trojan-activity;sid:83774313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911204)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5-157-110-232.dyn.eolo.it"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911204/; classtype:trojan-activity;sid:83774304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911194)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.103.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911194/; classtype:trojan-activity;sid:83774294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911191/; classtype:trojan-activity;sid:83774291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911187)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911187/; classtype:trojan-activity;sid:83774287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911184)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"126.23.203.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911184/; classtype:trojan-activity;sid:83774284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911182)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.143.54.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911182/; classtype:trojan-activity;sid:83774282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911166)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.22.139.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911166/; classtype:trojan-activity;sid:83774266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.255.114.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911154/; classtype:trojan-activity;sid:83774254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911160)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911160/; classtype:trojan-activity;sid:83774260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911150)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.215.253.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911150/; classtype:trojan-activity;sid:83774250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911140)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.31.159.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911140/; classtype:trojan-activity;sid:83774240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911133)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911133/; classtype:trojan-activity;sid:83774233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911131)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.253.12.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911131/; classtype:trojan-activity;sid:83774231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911129)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911129/; classtype:trojan-activity;sid:83774229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911126)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.186.91.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911126/; classtype:trojan-activity;sid:83774226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911122)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911122/; classtype:trojan-activity;sid:83774222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911119)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83-87-76-41.cable.dynamic.v4.ziggo.nl"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911119/; classtype:trojan-activity;sid:83774219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911118)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.87.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911118/; classtype:trojan-activity;sid:83774218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911113)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"softbank126023203236.bbtec.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911113/; classtype:trojan-activity;sid:83774213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911108)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-195-103-203-106.business.telecomitalia.it"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911108/; classtype:trojan-activity;sid:83774208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911105)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-95-255-114-11.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911105/; classtype:trojan-activity;sid:83774205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.81.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910756/; classtype:trojan-activity;sid:83773856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910687)"; flow:established,from_client; content:"GET"; http_method; content:"/config/qnvqkfym.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"b46.oss-cn-hongkong.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910687/; classtype:trojan-activity;sid:83773787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910224)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/dmshell.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"shell.dimitrimedia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910224/; classtype:trojan-activity;sid:83773324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2910223)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/dmshell.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172-105-66-118.ip.linodeusercontent.com"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2910223/; classtype:trojan-activity;sid:83773323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909310)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.118.79.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909310/; classtype:trojan-activity;sid:83772410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909291)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.184.185.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909291/; classtype:trojan-activity;sid:83772391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909290)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.224.107.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909290/; classtype:trojan-activity;sid:83772390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908910)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"170.210.81.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908910/; classtype:trojan-activity;sid:83772010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908913)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.72.167.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908913/; classtype:trojan-activity;sid:83772013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908909)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"12.196.184.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908909/; classtype:trojan-activity;sid:83772009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908899)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908899/; classtype:trojan-activity;sid:83771999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908900)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.108.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908900/; classtype:trojan-activity;sid:83772000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908901)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908901/; classtype:trojan-activity;sid:83772001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908902)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.57.39.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908902/; classtype:trojan-activity;sid:83772002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908903)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.142.209.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908903/; classtype:trojan-activity;sid:83772003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908906)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.40.16.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908906/; classtype:trojan-activity;sid:83772006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908894)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"170.210.81.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908894/; classtype:trojan-activity;sid:83771994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908888)"; flow:established,from_client; content:"GET"; http_method; content:"/deccastationers.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908888/; classtype:trojan-activity;sid:83771988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908887)"; flow:established,from_client; content:"GET"; http_method; content:"/deccastationers.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908887/; classtype:trojan-activity;sid:83771987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908012)"; flow:established,from_client; content:"GET"; http_method; content:"/8/items/new_image_20240619_1432/new_image.jpg"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"ia800400.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_06_26; reference:url, urlhaus.abuse.ch/url/2908012/; classtype:trojan-activity;sid:83771112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2906475)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2906475/; classtype:trojan-activity;sid:83769575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905204)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905204/; classtype:trojan-activity;sid:83768304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905145)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905145/; classtype:trojan-activity;sid:83768245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905125)"; flow:established,from_client; content:"GET"; http_method; content:"/pornhub_downloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905125/; classtype:trojan-activity;sid:83768225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2905115)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"203.232.37.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_25; reference:url, urlhaus.abuse.ch/url/2905115/; classtype:trojan-activity;sid:83768215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901197)"; flow:established,from_client; content:"GET"; http_method; content:"/zwzonepieces/posapsi/master/chatlife.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_22; reference:url, urlhaus.abuse.ch/url/2901197/; classtype:trojan-activity;sid:83764297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2900550)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.118.121.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2900550/; classtype:trojan-activity;sid:83763650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2900548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.156.154.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2900548/; classtype:trojan-activity;sid:83763648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2899910)"; flow:established,from_client; content:"GET"; http_method; content:"/16/items/new_image_202406/new_image.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"ia803405.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_06_21; reference:url, urlhaus.abuse.ch/url/2899910/; classtype:trojan-activity;sid:83763010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2898814)"; flow:established,from_client; content:"GET"; http_method; content:"/fury-os/fury_kms/releases/download/v.1.6.0/furykms_v.1.6.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_20; reference:url, urlhaus.abuse.ch/url/2898814/; classtype:trojan-activity;sid:83761914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2897332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.202.101.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2897332/; classtype:trojan-activity;sid:83760432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896955)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896955/; classtype:trojan-activity;sid:83760055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896950)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896950/; classtype:trojan-activity;sid:83760050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896951)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896951/; classtype:trojan-activity;sid:83760051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2896948)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.72.254.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2896948/; classtype:trojan-activity;sid:83760048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2894025)"; flow:established,from_client; content:"GET"; http_method; content:"/kailash-jakhar/webpack-v5-tutorial/main/quizpokemon.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_17; reference:url, urlhaus.abuse.ch/url/2894025/; classtype:trojan-activity;sid:83757125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2892223)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.19.13.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2892223/; classtype:trojan-activity;sid:83755323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888476)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"59.175.183.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888476/; classtype:trojan-activity;sid:83751576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888474)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888474/; classtype:trojan-activity;sid:83751574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888469)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.244.110.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888469/; classtype:trojan-activity;sid:83751569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888463)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.178.133.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888463/; classtype:trojan-activity;sid:83751563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888460)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888460/; classtype:trojan-activity;sid:83751560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888458)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888458/; classtype:trojan-activity;sid:83751558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888447)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"115.28.26.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888447/; classtype:trojan-activity;sid:83751547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888445)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.2.65.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888445/; classtype:trojan-activity;sid:83751545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888444)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.67.254.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888444/; classtype:trojan-activity;sid:83751544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888440)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.159.155.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888440/; classtype:trojan-activity;sid:83751540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888438)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.159.155.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888438/; classtype:trojan-activity;sid:83751538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888430)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.157.17.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888430/; classtype:trojan-activity;sid:83751530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885860)"; flow:established,from_client; content:"GET"; http_method; content:"/brunovale03/adegaads/main/offeredbuilt.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2885860/; classtype:trojan-activity;sid:83748960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883947)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883947/; classtype:trojan-activity;sid:83747047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883708)"; flow:established,from_client; content:"GET"; http_method; content:"/sirvivor32/sirvivor/main/lukejazz.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883708/; classtype:trojan-activity;sid:83746808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2882153)"; flow:established,from_client; content:"GET"; http_method; content:"/payloads/dmshell.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"172.105.66.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2882153/; classtype:trojan-activity;sid:83745253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2881768)"; flow:established,from_client; content:"GET"; http_method; content:"/cg100/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2881768/; classtype:trojan-activity;sid:83744868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879955)"; flow:established,from_client; content:"GET"; http_method; content:"/unp%20setup.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.138.125.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879955/; classtype:trojan-activity;sid:83743055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879846)"; flow:established,from_client; content:"GET"; http_method; content:"/cve/cve-2021-4034"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.120.46.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879846/; classtype:trojan-activity;sid:83742946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879655)"; flow:established,from_client; content:"GET"; http_method; content:"/sharphound.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879655/; classtype:trojan-activity;sid:83742755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877890)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15421286/2022and2023taxdocuments.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2877890/; classtype:trojan-activity;sid:83740990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877319)"; flow:established,from_client; content:"GET"; http_method; content:"/slade107.psm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877319/; classtype:trojan-activity;sid:83740419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874516)"; flow:established,from_client; content:"GET"; http_method; content:"/o.elf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"reusable-flex.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874516/; classtype:trojan-activity;sid:83737616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874107)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=19nonxskhmwbvfxpr2ccmwd9xrhz1ldco"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874107/; classtype:trojan-activity;sid:83737207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874102)"; flow:established,from_client; content:"GET"; http_method; content:"/walesboller.pcx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874102/; classtype:trojan-activity;sid:83737202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2873811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2873811/; classtype:trojan-activity;sid:83736911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wsqkirdngjlt8uu2lv9mzciks4my12jh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870235/; classtype:trojan-activity;sid:83733335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870174)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.7.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870174/; classtype:trojan-activity;sid:83733274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869849)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869849/; classtype:trojan-activity;sid:83732949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869844)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869844/; classtype:trojan-activity;sid:83732944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869702)"; flow:established,from_client; content:"GET"; http_method; content:"/sheksweet/sheksweet1/main/rambledmime.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869702/; classtype:trojan-activity;sid:83732802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869436)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/rssh"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"222.88.186.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2869436/; classtype:trojan-activity;sid:83732536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868723)"; flow:established,from_client; content:"GET"; http_method; content:"/a.i_1003h.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"221.143.49.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868723/; classtype:trojan-activity;sid:83731823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868720)"; flow:established,from_client; content:"GET"; http_method; content:"/coreminer-linux-x86_64.tar.gz"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868720/; classtype:trojan-activity;sid:83731820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868719)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/start-powershellfordopaddcrontab.psl"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868719/; classtype:trojan-activity;sid:83731819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868710)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/start-powershellfordop.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868710/; classtype:trojan-activity;sid:83731810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868714)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/start-powershellxlies.txt"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"39.99.131.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868714/; classtype:trojan-activity;sid:83731814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867270)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/flutter-movie/master/crypted_c360a5b7.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867270/; classtype:trojan-activity;sid:83730370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867236)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/apple-replica-starter-files/master/apple-replica/zintask.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867236/; classtype:trojan-activity;sid:83730336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865442)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws_upload.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865442/; classtype:trojan-activity;sid:83728542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865272)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthbq.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865272/; classtype:trojan-activity;sid:83728372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865273)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupload.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865273/; classtype:trojan-activity;sid:83728373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865241)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupdate.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865241/; classtype:trojan-activity;sid:83728341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864267)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864267/; classtype:trojan-activity;sid:83727367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864261)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.42.198.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864261/; classtype:trojan-activity;sid:83727361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864246)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864246/; classtype:trojan-activity;sid:83727346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864247)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864247/; classtype:trojan-activity;sid:83727347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864249)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864249/; classtype:trojan-activity;sid:83727349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864252)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.42.198.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864252/; classtype:trojan-activity;sid:83727352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864253)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.191.190.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864253/; classtype:trojan-activity;sid:83727353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864254)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864254/; classtype:trojan-activity;sid:83727354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864255)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864255/; classtype:trojan-activity;sid:83727355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2864244)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.247.206.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_26; reference:url, urlhaus.abuse.ch/url/2864244/; classtype:trojan-activity;sid:83727344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863534)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863534/; classtype:trojan-activity;sid:83726634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863372)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"221.10.233.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863372/; classtype:trojan-activity;sid:83726472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863373)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.50.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863373/; classtype:trojan-activity;sid:83726473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863371)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863371/; classtype:trojan-activity;sid:83726471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863363)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863363/; classtype:trojan-activity;sid:83726463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863354)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.50.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863354/; classtype:trojan-activity;sid:83726454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863355)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.88.50.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863355/; classtype:trojan-activity;sid:83726455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863341)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863341/; classtype:trojan-activity;sid:83726441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863342)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863342/; classtype:trojan-activity;sid:83726442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863343)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.191.190.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863343/; classtype:trojan-activity;sid:83726443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863345)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863345/; classtype:trojan-activity;sid:83726445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863346)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.19.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863346/; classtype:trojan-activity;sid:83726446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863328)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863328/; classtype:trojan-activity;sid:83726428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863334)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.49.168.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863334/; classtype:trojan-activity;sid:83726434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863321)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863321/; classtype:trojan-activity;sid:83726421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863322)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.135.42.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863322/; classtype:trojan-activity;sid:83726422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862050)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/8gikly"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862050/; classtype:trojan-activity;sid:83725150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862052)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dy1f16"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862052/; classtype:trojan-activity;sid:83725152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862053)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/kx3wl4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862053/; classtype:trojan-activity;sid:83725153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862054)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/ppxodm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862054/; classtype:trojan-activity;sid:83725154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862055)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/e7opy8"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862055/; classtype:trojan-activity;sid:83725155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862056)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/7dhid7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862056/; classtype:trojan-activity;sid:83725156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862049)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/tbfvpd"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862049/; classtype:trojan-activity;sid:83725149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862046)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/6f2c5c"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862046/; classtype:trojan-activity;sid:83725146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862047)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/g2js91"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862047/; classtype:trojan-activity;sid:83725147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862044)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/lt00vw"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862044/; classtype:trojan-activity;sid:83725144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862045)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/i7tdbr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862045/; classtype:trojan-activity;sid:83725145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862043)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/3a9xj1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862043/; classtype:trojan-activity;sid:83725143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862042)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/wyg3h5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862042/; classtype:trojan-activity;sid:83725142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862022)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862022/; classtype:trojan-activity;sid:83725122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862020)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862020/; classtype:trojan-activity;sid:83725120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862018)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862018/; classtype:trojan-activity;sid:83725118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862017)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862017/; classtype:trojan-activity;sid:83725117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862004)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862004/; classtype:trojan-activity;sid:83725104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862007/; classtype:trojan-activity;sid:83725107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862009/; classtype:trojan-activity;sid:83725109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862010)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862010/; classtype:trojan-activity;sid:83725110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862011)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862011/; classtype:trojan-activity;sid:83725111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862013)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.175.56.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862013/; classtype:trojan-activity;sid:83725113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862014)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862014/; classtype:trojan-activity;sid:83725114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861998)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861998/; classtype:trojan-activity;sid:83725098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861987)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861987/; classtype:trojan-activity;sid:83725087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861978)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861978/; classtype:trojan-activity;sid:83725078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861980)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861980/; classtype:trojan-activity;sid:83725080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861982)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861982/; classtype:trojan-activity;sid:83725082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861962)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.125.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861962/; classtype:trojan-activity;sid:83725062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861967)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.145.144.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861967/; classtype:trojan-activity;sid:83725067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861969)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.175.56.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861969/; classtype:trojan-activity;sid:83725069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861972)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.175.56.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861972/; classtype:trojan-activity;sid:83725072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861956)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861956/; classtype:trojan-activity;sid:83725056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861958)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861958/; classtype:trojan-activity;sid:83725058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861959)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861959/; classtype:trojan-activity;sid:83725059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861951)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861951/; classtype:trojan-activity;sid:83725051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861950)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861950/; classtype:trojan-activity;sid:83725050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861946)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861946/; classtype:trojan-activity;sid:83725046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861919)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861919/; classtype:trojan-activity;sid:83725019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861923)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861923/; classtype:trojan-activity;sid:83725023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861927)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861927/; classtype:trojan-activity;sid:83725027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861929)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861929/; classtype:trojan-activity;sid:83725029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861930)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861930/; classtype:trojan-activity;sid:83725030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861931)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861931/; classtype:trojan-activity;sid:83725031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861935)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861935/; classtype:trojan-activity;sid:83725035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861939)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861939/; classtype:trojan-activity;sid:83725039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861940)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861940/; classtype:trojan-activity;sid:83725040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861941)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861941/; classtype:trojan-activity;sid:83725041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861945)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861945/; classtype:trojan-activity;sid:83725045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861914)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861914/; classtype:trojan-activity;sid:83725014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861888)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dvbcvt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861888/; classtype:trojan-activity;sid:83724988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861887)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/exw2o1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861887/; classtype:trojan-activity;sid:83724987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861841)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861841/; classtype:trojan-activity;sid:83724941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861842)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861842/; classtype:trojan-activity;sid:83724942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861843)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861843/; classtype:trojan-activity;sid:83724943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861844)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861844/; classtype:trojan-activity;sid:83724944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861852)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861852/; classtype:trojan-activity;sid:83724952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861854)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861854/; classtype:trojan-activity;sid:83724954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861836)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861836/; classtype:trojan-activity;sid:83724936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861838)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861838/; classtype:trojan-activity;sid:83724938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861839)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861839/; classtype:trojan-activity;sid:83724939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861834)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861834/; classtype:trojan-activity;sid:83724934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861831)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861831/; classtype:trojan-activity;sid:83724931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861828)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861828/; classtype:trojan-activity;sid:83724928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861826)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861826/; classtype:trojan-activity;sid:83724926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861827)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861827/; classtype:trojan-activity;sid:83724927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861824)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861824/; classtype:trojan-activity;sid:83724924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861820)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861820/; classtype:trojan-activity;sid:83724920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861821)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.214.27.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861821/; classtype:trojan-activity;sid:83724921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861822)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861822/; classtype:trojan-activity;sid:83724922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861819)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861819/; classtype:trojan-activity;sid:83724919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861817)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"124.19.79.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861817/; classtype:trojan-activity;sid:83724917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861818)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.64.76.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861818/; classtype:trojan-activity;sid:83724918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861814)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861814/; classtype:trojan-activity;sid:83724914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861810)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861810/; classtype:trojan-activity;sid:83724910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861812)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861812/; classtype:trojan-activity;sid:83724912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861808)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861808/; classtype:trojan-activity;sid:83724908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861801)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.145.144.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861801/; classtype:trojan-activity;sid:83724901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861802)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861802/; classtype:trojan-activity;sid:83724902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861799)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861799/; classtype:trojan-activity;sid:83724899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861800)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861800/; classtype:trojan-activity;sid:83724900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861794)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861794/; classtype:trojan-activity;sid:83724894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861790)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861790/; classtype:trojan-activity;sid:83724890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861789)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861789/; classtype:trojan-activity;sid:83724889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861785)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861785/; classtype:trojan-activity;sid:83724885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861786)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861786/; classtype:trojan-activity;sid:83724886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861776)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861776/; classtype:trojan-activity;sid:83724876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861778)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861778/; classtype:trojan-activity;sid:83724878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861769)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861769/; classtype:trojan-activity;sid:83724869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861770)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861770/; classtype:trojan-activity;sid:83724870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861773)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861773/; classtype:trojan-activity;sid:83724873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861758)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861758/; classtype:trojan-activity;sid:83724858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861761)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861761/; classtype:trojan-activity;sid:83724861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861763)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861763/; classtype:trojan-activity;sid:83724863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861754)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861754/; classtype:trojan-activity;sid:83724854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861755)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861755/; classtype:trojan-activity;sid:83724855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861750)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861750/; classtype:trojan-activity;sid:83724850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861745)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861745/; classtype:trojan-activity;sid:83724845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861743)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861743/; classtype:trojan-activity;sid:83724843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861744)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.175.56.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861744/; classtype:trojan-activity;sid:83724844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861735)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861735/; classtype:trojan-activity;sid:83724835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861737)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861737/; classtype:trojan-activity;sid:83724837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861740)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861740/; classtype:trojan-activity;sid:83724840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861729)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861729/; classtype:trojan-activity;sid:83724829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861730)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.200.171.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861730/; classtype:trojan-activity;sid:83724830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861731)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861731/; classtype:trojan-activity;sid:83724831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861734)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861734/; classtype:trojan-activity;sid:83724834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861721)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861721/; classtype:trojan-activity;sid:83724821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861722)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861722/; classtype:trojan-activity;sid:83724822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861726)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861726/; classtype:trojan-activity;sid:83724826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861717)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.175.56.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861717/; classtype:trojan-activity;sid:83724817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861719)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861719/; classtype:trojan-activity;sid:83724819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861716)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861716/; classtype:trojan-activity;sid:83724816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861714)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861714/; classtype:trojan-activity;sid:83724814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861710)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861710/; classtype:trojan-activity;sid:83724810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861708)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861708/; classtype:trojan-activity;sid:83724808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861707)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861707/; classtype:trojan-activity;sid:83724807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861695)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861695/; classtype:trojan-activity;sid:83724795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861682)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861682/; classtype:trojan-activity;sid:83724782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861685)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861685/; classtype:trojan-activity;sid:83724785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861688)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861688/; classtype:trojan-activity;sid:83724788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861689)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.125.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861689/; classtype:trojan-activity;sid:83724789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861690)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861690/; classtype:trojan-activity;sid:83724790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861692)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861692/; classtype:trojan-activity;sid:83724792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861693)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861693/; classtype:trojan-activity;sid:83724793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861680)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861680/; classtype:trojan-activity;sid:83724780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861675)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861675/; classtype:trojan-activity;sid:83724775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861676)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861676/; classtype:trojan-activity;sid:83724776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861677)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861677/; classtype:trojan-activity;sid:83724777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861672)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"36.95.166.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861672/; classtype:trojan-activity;sid:83724772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861670)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861670/; classtype:trojan-activity;sid:83724770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861666)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861666/; classtype:trojan-activity;sid:83724766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861667)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861667/; classtype:trojan-activity;sid:83724767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861652)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861652/; classtype:trojan-activity;sid:83724752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861657)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861657/; classtype:trojan-activity;sid:83724757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861659)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861659/; classtype:trojan-activity;sid:83724759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861660)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.175.56.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861660/; classtype:trojan-activity;sid:83724760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861661)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861661/; classtype:trojan-activity;sid:83724761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861644)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.29.231.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861644/; classtype:trojan-activity;sid:83724744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861646)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861646/; classtype:trojan-activity;sid:83724746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861639)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861639/; classtype:trojan-activity;sid:83724739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861633)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861633/; classtype:trojan-activity;sid:83724733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861636)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861636/; classtype:trojan-activity;sid:83724736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861637)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861637/; classtype:trojan-activity;sid:83724737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861629)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861629/; classtype:trojan-activity;sid:83724729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861626)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861626/; classtype:trojan-activity;sid:83724726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861613)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861613/; classtype:trojan-activity;sid:83724713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861614)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861614/; classtype:trojan-activity;sid:83724714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861615)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861615/; classtype:trojan-activity;sid:83724715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861616)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861616/; classtype:trojan-activity;sid:83724716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861619)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861619/; classtype:trojan-activity;sid:83724719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861622)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861622/; classtype:trojan-activity;sid:83724722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861624)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861624/; classtype:trojan-activity;sid:83724724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861595)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861595/; classtype:trojan-activity;sid:83724695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861597)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861597/; classtype:trojan-activity;sid:83724697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861598)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861598/; classtype:trojan-activity;sid:83724698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861600)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861600/; classtype:trojan-activity;sid:83724700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861601)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861601/; classtype:trojan-activity;sid:83724701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861606)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861606/; classtype:trojan-activity;sid:83724706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861609)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861609/; classtype:trojan-activity;sid:83724709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861592)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861592/; classtype:trojan-activity;sid:83724692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861594)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861594/; classtype:trojan-activity;sid:83724694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861588)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"93.63.154.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861588/; classtype:trojan-activity;sid:83724688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861586)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861586/; classtype:trojan-activity;sid:83724686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861582)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861582/; classtype:trojan-activity;sid:83724682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861567)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861567/; classtype:trojan-activity;sid:83724667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861568)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861568/; classtype:trojan-activity;sid:83724668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861569)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861569/; classtype:trojan-activity;sid:83724669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861570)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861570/; classtype:trojan-activity;sid:83724670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861573)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861573/; classtype:trojan-activity;sid:83724673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861577)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861577/; classtype:trojan-activity;sid:83724677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861579)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861579/; classtype:trojan-activity;sid:83724679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861556)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861556/; classtype:trojan-activity;sid:83724656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861559)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861559/; classtype:trojan-activity;sid:83724659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861562)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861562/; classtype:trojan-activity;sid:83724662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861563)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.223.106.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861563/; classtype:trojan-activity;sid:83724663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861553)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861553/; classtype:trojan-activity;sid:83724653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861554)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.26.194.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861554/; classtype:trojan-activity;sid:83724654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861555)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861555/; classtype:trojan-activity;sid:83724655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861549)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861549/; classtype:trojan-activity;sid:83724649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861547)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861547/; classtype:trojan-activity;sid:83724647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861543)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861543/; classtype:trojan-activity;sid:83724643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2860721)"; flow:established,from_client; content:"GET"; http_method; content:"/srbijasetuphokej.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"79.101.0.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_23; reference:url, urlhaus.abuse.ch/url/2860721/; classtype:trojan-activity;sid:83723821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859508)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859508/; classtype:trojan-activity;sid:83722608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859117)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/arm"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859117/; classtype:trojan-activity;sid:83722217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859027)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15378217/all.2023.tax.documents.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859027/; classtype:trojan-activity;sid:83722127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858898)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858898/; classtype:trojan-activity;sid:83721998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857904)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857904/; classtype:trojan-activity;sid:83721004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857893)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.21.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857893/; classtype:trojan-activity;sid:83720993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857898)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.29.231.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857898/; classtype:trojan-activity;sid:83720998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857892/; classtype:trojan-activity;sid:83720992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857888)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857888/; classtype:trojan-activity;sid:83720988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857884)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.179.62.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857884/; classtype:trojan-activity;sid:83720984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857874)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857874/; classtype:trojan-activity;sid:83720974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857875)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857875/; classtype:trojan-activity;sid:83720975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857871)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857871/; classtype:trojan-activity;sid:83720971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857872)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.196.121.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857872/; classtype:trojan-activity;sid:83720972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857868)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857868/; classtype:trojan-activity;sid:83720968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857865)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.122.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857865/; classtype:trojan-activity;sid:83720965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857866)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857866/; classtype:trojan-activity;sid:83720966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857861)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857861/; classtype:trojan-activity;sid:83720961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857859)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857859/; classtype:trojan-activity;sid:83720959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857854)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.154.67.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857854/; classtype:trojan-activity;sid:83720954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857850)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857850/; classtype:trojan-activity;sid:83720950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857851)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857851/; classtype:trojan-activity;sid:83720951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857848)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857848/; classtype:trojan-activity;sid:83720948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857849)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857849/; classtype:trojan-activity;sid:83720949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857844)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.2.229.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857844/; classtype:trojan-activity;sid:83720944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857846)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857846/; classtype:trojan-activity;sid:83720946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857837)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857837/; classtype:trojan-activity;sid:83720937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857838)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.62.200.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857838/; classtype:trojan-activity;sid:83720938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857834)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857834/; classtype:trojan-activity;sid:83720934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857835)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857835/; classtype:trojan-activity;sid:83720935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857836)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.95.166.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857836/; classtype:trojan-activity;sid:83720936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857833)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.67.155.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857833/; classtype:trojan-activity;sid:83720933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857831)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"98.180.230.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857831/; classtype:trojan-activity;sid:83720931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857822)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857822/; classtype:trojan-activity;sid:83720922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857820)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857820/; classtype:trojan-activity;sid:83720920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857821)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857821/; classtype:trojan-activity;sid:83720921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857813)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857813/; classtype:trojan-activity;sid:83720913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857809)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857809/; classtype:trojan-activity;sid:83720909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857810)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.19.79.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857810/; classtype:trojan-activity;sid:83720910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857806)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857806/; classtype:trojan-activity;sid:83720906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857807)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857807/; classtype:trojan-activity;sid:83720907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857804)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857804/; classtype:trojan-activity;sid:83720904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857802/; classtype:trojan-activity;sid:83720902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857795)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857795/; classtype:trojan-activity;sid:83720895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857797)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857797/; classtype:trojan-activity;sid:83720897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857794)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857794/; classtype:trojan-activity;sid:83720894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857788)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857788/; classtype:trojan-activity;sid:83720888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857785)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857785/; classtype:trojan-activity;sid:83720885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857780)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857780/; classtype:trojan-activity;sid:83720880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857778)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857778/; classtype:trojan-activity;sid:83720878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857776)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.202.20.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857776/; classtype:trojan-activity;sid:83720876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857770)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857770/; classtype:trojan-activity;sid:83720870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857771)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857771/; classtype:trojan-activity;sid:83720871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857772)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857772/; classtype:trojan-activity;sid:83720872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857773)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857773/; classtype:trojan-activity;sid:83720873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857762)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857762/; classtype:trojan-activity;sid:83720862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857752)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857752/; classtype:trojan-activity;sid:83720852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857753)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.139.100.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857753/; classtype:trojan-activity;sid:83720853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857754/; classtype:trojan-activity;sid:83720854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857755)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857755/; classtype:trojan-activity;sid:83720855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857747)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857747/; classtype:trojan-activity;sid:83720847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857749)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857749/; classtype:trojan-activity;sid:83720849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857746)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857746/; classtype:trojan-activity;sid:83720846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857736)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.122.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857736/; classtype:trojan-activity;sid:83720836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857730)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857730/; classtype:trojan-activity;sid:83720830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857724)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857724/; classtype:trojan-activity;sid:83720824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857722)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857722/; classtype:trojan-activity;sid:83720822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857721)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.200.171.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857721/; classtype:trojan-activity;sid:83720821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857717)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857717/; classtype:trojan-activity;sid:83720817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857719/; classtype:trojan-activity;sid:83720819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857710)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.185.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857710/; classtype:trojan-activity;sid:83720810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857712)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857712/; classtype:trojan-activity;sid:83720812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857708)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857708/; classtype:trojan-activity;sid:83720808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857706)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857706/; classtype:trojan-activity;sid:83720806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857696)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.241.90.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857696/; classtype:trojan-activity;sid:83720796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857692)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857692/; classtype:trojan-activity;sid:83720792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857693)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857693/; classtype:trojan-activity;sid:83720793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857689/; classtype:trojan-activity;sid:83720789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857687)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857687/; classtype:trojan-activity;sid:83720787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857679)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.154.123.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857679/; classtype:trojan-activity;sid:83720779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857674/; classtype:trojan-activity;sid:83720774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857676)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"204.11.227.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857676/; classtype:trojan-activity;sid:83720776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857670)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857670/; classtype:trojan-activity;sid:83720770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857671/; classtype:trojan-activity;sid:83720771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857672)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857672/; classtype:trojan-activity;sid:83720772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857669/; classtype:trojan-activity;sid:83720769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857666)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857666/; classtype:trojan-activity;sid:83720766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857662)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857662/; classtype:trojan-activity;sid:83720762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857660)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857660/; classtype:trojan-activity;sid:83720760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857657)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857657/; classtype:trojan-activity;sid:83720757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857653)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857653/; classtype:trojan-activity;sid:83720753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857654/; classtype:trojan-activity;sid:83720754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857655)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857655/; classtype:trojan-activity;sid:83720755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857652)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857652/; classtype:trojan-activity;sid:83720752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857645/; classtype:trojan-activity;sid:83720745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857642)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857642/; classtype:trojan-activity;sid:83720742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857633)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857633/; classtype:trojan-activity;sid:83720733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857634)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857634/; classtype:trojan-activity;sid:83720734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857635)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"204.11.227.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857635/; classtype:trojan-activity;sid:83720735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857640)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857640/; classtype:trojan-activity;sid:83720740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857628)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857628/; classtype:trojan-activity;sid:83720728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857630)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857630/; classtype:trojan-activity;sid:83720730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857624)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857624/; classtype:trojan-activity;sid:83720724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857620/; classtype:trojan-activity;sid:83720720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857621/; classtype:trojan-activity;sid:83720721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857616)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857616/; classtype:trojan-activity;sid:83720716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857613)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857613/; classtype:trojan-activity;sid:83720713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857610)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857610/; classtype:trojan-activity;sid:83720710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857606)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.214.27.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857606/; classtype:trojan-activity;sid:83720706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857607)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.86.136.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857607/; classtype:trojan-activity;sid:83720707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857600)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857600/; classtype:trojan-activity;sid:83720700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857601)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857601/; classtype:trojan-activity;sid:83720701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857602/; classtype:trojan-activity;sid:83720702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857590)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857590/; classtype:trojan-activity;sid:83720690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857586)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857586/; classtype:trojan-activity;sid:83720686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857587)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857587/; classtype:trojan-activity;sid:83720687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857583)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857583/; classtype:trojan-activity;sid:83720683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857584)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857584/; classtype:trojan-activity;sid:83720684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857580)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857580/; classtype:trojan-activity;sid:83720680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857582)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857582/; classtype:trojan-activity;sid:83720682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857578)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857578/; classtype:trojan-activity;sid:83720678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857576)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857576/; classtype:trojan-activity;sid:83720676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857573)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857573/; classtype:trojan-activity;sid:83720673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857574)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857574/; classtype:trojan-activity;sid:83720674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857568)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857568/; classtype:trojan-activity;sid:83720668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857570)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857570/; classtype:trojan-activity;sid:83720670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857563)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857563/; classtype:trojan-activity;sid:83720663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857564)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.251.62.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857564/; classtype:trojan-activity;sid:83720664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857566)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857566/; classtype:trojan-activity;sid:83720666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857561)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857561/; classtype:trojan-activity;sid:83720661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857556)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.21.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857556/; classtype:trojan-activity;sid:83720656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857551)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857551/; classtype:trojan-activity;sid:83720651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857545)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857545/; classtype:trojan-activity;sid:83720645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857542)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857542/; classtype:trojan-activity;sid:83720642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857543)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.253.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857543/; classtype:trojan-activity;sid:83720643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857539)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857539/; classtype:trojan-activity;sid:83720639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857535)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857535/; classtype:trojan-activity;sid:83720635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857526)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857526/; classtype:trojan-activity;sid:83720626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857527)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857527/; classtype:trojan-activity;sid:83720627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857522)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.64.76.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857522/; classtype:trojan-activity;sid:83720622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857524/; classtype:trojan-activity;sid:83720624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857525)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857525/; classtype:trojan-activity;sid:83720625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857510)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857510/; classtype:trojan-activity;sid:83720610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857509)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.72.72.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857509/; classtype:trojan-activity;sid:83720609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857507)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857507/; classtype:trojan-activity;sid:83720607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857501)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857501/; classtype:trojan-activity;sid:83720601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857502)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857502/; classtype:trojan-activity;sid:83720602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857498)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857498/; classtype:trojan-activity;sid:83720598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857500)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857500/; classtype:trojan-activity;sid:83720600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857492)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.63.154.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857492/; classtype:trojan-activity;sid:83720592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857493)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857493/; classtype:trojan-activity;sid:83720593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857483)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857483/; classtype:trojan-activity;sid:83720583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857484)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857484/; classtype:trojan-activity;sid:83720584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857485)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.196.121.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857485/; classtype:trojan-activity;sid:83720585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857486/; classtype:trojan-activity;sid:83720586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857475)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857475/; classtype:trojan-activity;sid:83720575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857472)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857472/; classtype:trojan-activity;sid:83720572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857468)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.222.113.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857468/; classtype:trojan-activity;sid:83720568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857464)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857464/; classtype:trojan-activity;sid:83720564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857465)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857465/; classtype:trojan-activity;sid:83720565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857463)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857463/; classtype:trojan-activity;sid:83720563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857444)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857444/; classtype:trojan-activity;sid:83720544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857447)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857447/; classtype:trojan-activity;sid:83720547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857448)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857448/; classtype:trojan-activity;sid:83720548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857454)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857454/; classtype:trojan-activity;sid:83720554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857455)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857455/; classtype:trojan-activity;sid:83720555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857457)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857457/; classtype:trojan-activity;sid:83720557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857458)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.185.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857458/; classtype:trojan-activity;sid:83720558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857459)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.65.37.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857459/; classtype:trojan-activity;sid:83720559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857437)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.238.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857437/; classtype:trojan-activity;sid:83720537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857438)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857438/; classtype:trojan-activity;sid:83720538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857439)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.118.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857439/; classtype:trojan-activity;sid:83720539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857434)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.182.253.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857434/; classtype:trojan-activity;sid:83720534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857169)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857169/; classtype:trojan-activity;sid:83720269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854636)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig-6.18.0-linux-x64.tar.gz"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"46.231.32.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854636/; classtype:trojan-activity;sid:83717736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854622)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig0.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854622/; classtype:trojan-activity;sid:83717722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854623)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig0.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854623/; classtype:trojan-activity;sid:83717723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2854611)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig-6.19.3-linux-x64.tar.gz"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"31.186.217.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_18; reference:url, urlhaus.abuse.ch/url/2854611/; classtype:trojan-activity;sid:83717711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2850765)"; flow:established,from_client; content:"GET"; http_method; content:"/x103.log"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zffsg.oss-ap-northeast-2.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_05_15; reference:url, urlhaus.abuse.ch/url/2850765/; classtype:trojan-activity;sid:83713865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2850173)"; flow:established,from_client; content:"GET"; http_method; content:"/990_ota.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"59.59.6.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_14; reference:url, urlhaus.abuse.ch/url/2850173/; classtype:trojan-activity;sid:83713273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845932)"; flow:established,from_client; content:"GET"; http_method; content:"/av_downloader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845932/; classtype:trojan-activity;sid:83709032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845931)"; flow:established,from_client; content:"GET"; http_method; content:"/install_python3.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"43.240.65.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845931/; classtype:trojan-activity;sid:83709031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845681)"; flow:established,from_client; content:"GET"; http_method; content:"/app/filesrc/android/apk/2023/zonghengxsandroid_7.5.6.63_zh-zhh5.apk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"static.zongheng.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845681/; classtype:trojan-activity;sid:83708781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842725/; classtype:trojan-activity;sid:83705825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.193.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842724/; classtype:trojan-activity;sid:83705824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842669)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.45.130.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842669/; classtype:trojan-activity;sid:83705769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842663)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"162.194.8.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842663/; classtype:trojan-activity;sid:83705763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842655)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.92.29.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842655/; classtype:trojan-activity;sid:83705755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.35.49.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842650/; classtype:trojan-activity;sid:83705750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.35.49.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842402/; classtype:trojan-activity;sid:83705502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.92.29.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842405/; classtype:trojan-activity;sid:83705505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.45.130.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842410/; classtype:trojan-activity;sid:83705510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842081)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.205.81.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842081/; classtype:trojan-activity;sid:83705181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842062)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842062/; classtype:trojan-activity;sid:83705162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842056)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.42.105.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842056/; classtype:trojan-activity;sid:83705156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842053)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.4.51.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842053/; classtype:trojan-activity;sid:83705153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842055)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.70.95.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842055/; classtype:trojan-activity;sid:83705155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842047)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.235.66.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842047/; classtype:trojan-activity;sid:83705147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842036)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842036/; classtype:trojan-activity;sid:83705136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842037)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.37.170.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842037/; classtype:trojan-activity;sid:83705137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842033)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842033/; classtype:trojan-activity;sid:83705133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842020)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.118.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842020/; classtype:trojan-activity;sid:83705120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842023)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.39.247.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842023/; classtype:trojan-activity;sid:83705123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842026)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.110.206.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842026/; classtype:trojan-activity;sid:83705126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842010)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842010/; classtype:trojan-activity;sid:83705110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842003)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.8.227.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842003/; classtype:trojan-activity;sid:83705103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842006/; classtype:trojan-activity;sid:83705106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842007)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842007/; classtype:trojan-activity;sid:83705107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841990)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.231.247.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841990/; classtype:trojan-activity;sid:83705090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841995)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841995/; classtype:trojan-activity;sid:83705095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841999)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"70.45.241.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841999/; classtype:trojan-activity;sid:83705099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841987)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841987/; classtype:trojan-activity;sid:83705087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841988)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841988/; classtype:trojan-activity;sid:83705088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841979)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.107.78.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841979/; classtype:trojan-activity;sid:83705079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841974/; classtype:trojan-activity;sid:83705074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841962)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.239.254.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841962/; classtype:trojan-activity;sid:83705062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841967)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.123.53.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841967/; classtype:trojan-activity;sid:83705067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841945)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.189.254.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841945/; classtype:trojan-activity;sid:83705045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841947)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.163.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841947/; classtype:trojan-activity;sid:83705047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841949)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.209.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841949/; classtype:trojan-activity;sid:83705049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841941)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841941/; classtype:trojan-activity;sid:83705041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"159.224.143.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841929/; classtype:trojan-activity;sid:83705029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841932/; classtype:trojan-activity;sid:83705032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841807)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptography_module_windows.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841807/; classtype:trojan-activity;sid:83704907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.110.206.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841726/; classtype:trojan-activity;sid:83704826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.37.170.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841721/; classtype:trojan-activity;sid:83704821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.123.53.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841713/; classtype:trojan-activity;sid:83704813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841714/; classtype:trojan-activity;sid:83704814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841712/; classtype:trojan-activity;sid:83704812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841705/; classtype:trojan-activity;sid:83704805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841683/; classtype:trojan-activity;sid:83704783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.101.191.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841679/; classtype:trojan-activity;sid:83704779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.239.254.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841666/; classtype:trojan-activity;sid:83704766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.39.247.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841667/; classtype:trojan-activity;sid:83704767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.235.66.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841668/; classtype:trojan-activity;sid:83704768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841650/; classtype:trojan-activity;sid:83704750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.4.51.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841636/; classtype:trojan-activity;sid:83704736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841644/; classtype:trojan-activity;sid:83704744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841631/; classtype:trojan-activity;sid:83704731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.209.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841625/; classtype:trojan-activity;sid:83704725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.189.254.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841617/; classtype:trojan-activity;sid:83704717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.42.105.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841619/; classtype:trojan-activity;sid:83704719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841613/; classtype:trojan-activity;sid:83704713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841604/; classtype:trojan-activity;sid:83704704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.118.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841606/; classtype:trojan-activity;sid:83704706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.70.95.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841598/; classtype:trojan-activity;sid:83704698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841602/; classtype:trojan-activity;sid:83704702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.231.247.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841603/; classtype:trojan-activity;sid:83704703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.8.227.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841587/; classtype:trojan-activity;sid:83704687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.45.241.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841591/; classtype:trojan-activity;sid:83704691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.107.78.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841582/; classtype:trojan-activity;sid:83704682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"159.224.143.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841581/; classtype:trojan-activity;sid:83704681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.163.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841575/; classtype:trojan-activity;sid:83704675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841573/; classtype:trojan-activity;sid:83704673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841570/; classtype:trojan-activity;sid:83704670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837116)"; flow:established,from_client; content:"GET"; http_method; content:"/ag_injector_latest.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dl.aginjector.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837116/; classtype:trojan-activity;sid:83700216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836854)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.146.202.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836854/; classtype:trojan-activity;sid:83699954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836844)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"195.211.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836844/; classtype:trojan-activity;sid:83699944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836794)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/bots_mips"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836794/; classtype:trojan-activity;sid:83699894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834467)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.249.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834467/; classtype:trojan-activity;sid:83697567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834442)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834442/; classtype:trojan-activity;sid:83697542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834400)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834400/; classtype:trojan-activity;sid:83697500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834387)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834387/; classtype:trojan-activity;sid:83697487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834372)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834372/; classtype:trojan-activity;sid:83697472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833916)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/main/cock.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833916/; classtype:trojan-activity;sid:83697016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833904)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/raw/main/cock.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833904/; classtype:trojan-activity;sid:83697004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833829)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/disbot"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833829/; classtype:trojan-activity;sid:83696929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833648)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm7"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833648/; classtype:trojan-activity;sid:83696748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833649)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm6"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833649/; classtype:trojan-activity;sid:83696749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833650)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/mips"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833650/; classtype:trojan-activity;sid:83696750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833651)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/x86_64"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833651/; classtype:trojan-activity;sid:83696751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833643)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm5"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833643/; classtype:trojan-activity;sid:83696743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833644)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/m68k"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833644/; classtype:trojan-activity;sid:83696744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833645)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/sh4"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833645/; classtype:trojan-activity;sid:83696745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833646)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/mpsl"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833646/; classtype:trojan-activity;sid:83696746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833647)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833647/; classtype:trojan-activity;sid:83696747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833642)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/x86_32"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833642/; classtype:trojan-activity;sid:83696742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833217)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/386"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833217/; classtype:trojan-activity;sid:83696317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833216)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/mips"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833216/; classtype:trojan-activity;sid:83696316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833213)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/mpsl"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833213/; classtype:trojan-activity;sid:83696313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830963)"; flow:established,from_client; content:"GET"; http_method; content:"/kampfkarren/roblox/files/15001743/roexec.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830963/; classtype:trojan-activity;sid:83694063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830955)"; flow:established,from_client; content:"GET"; http_method; content:"/delta-io/delta/files/15016110/delta.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830955/; classtype:trojan-activity;sid:83694055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824078)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win64-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824078/; classtype:trojan-activity;sid:83687178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824079)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-osx-unsigned.dmg"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824079/; classtype:trojan-activity;sid:83687179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824077)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win32-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824077/; classtype:trojan-activity;sid:83687177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823150)"; flow:established,from_client; content:"GET"; http_method; content:"/y-steamworks.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.50.194.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823150/; classtype:trojan-activity;sid:83686250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822910)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.150.253.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822910/; classtype:trojan-activity;sid:83686010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822909)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822909/; classtype:trojan-activity;sid:83686009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822907)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822907/; classtype:trojan-activity;sid:83686007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822895)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822895/; classtype:trojan-activity;sid:83685995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822899)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.18.223.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822899/; classtype:trojan-activity;sid:83685999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822887)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.30.245.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822887/; classtype:trojan-activity;sid:83685987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822881)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.131.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822881/; classtype:trojan-activity;sid:83685981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822882)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822882/; classtype:trojan-activity;sid:83685982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822876)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.76.195.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822876/; classtype:trojan-activity;sid:83685976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822864)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.105.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822864/; classtype:trojan-activity;sid:83685964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822866)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.254.173.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822866/; classtype:trojan-activity;sid:83685966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822867)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.65.15.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822867/; classtype:trojan-activity;sid:83685967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822869)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.114.137.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822869/; classtype:trojan-activity;sid:83685969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822873)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822873/; classtype:trojan-activity;sid:83685973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822861)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.189.172.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822861/; classtype:trojan-activity;sid:83685961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822862)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822862/; classtype:trojan-activity;sid:83685962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822863)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822863/; classtype:trojan-activity;sid:83685963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822844)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.81.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822844/; classtype:trojan-activity;sid:83685944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822845)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.183.98.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822845/; classtype:trojan-activity;sid:83685945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822846)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.67.251.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822846/; classtype:trojan-activity;sid:83685946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822847)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822847/; classtype:trojan-activity;sid:83685947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822841)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.50.7.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822841/; classtype:trojan-activity;sid:83685941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822834)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822834/; classtype:trojan-activity;sid:83685934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822823)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822823/; classtype:trojan-activity;sid:83685923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822825)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822825/; classtype:trojan-activity;sid:83685925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822828)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822828/; classtype:trojan-activity;sid:83685928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822808)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.254.223.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822808/; classtype:trojan-activity;sid:83685908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822809)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822809/; classtype:trojan-activity;sid:83685909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822811/; classtype:trojan-activity;sid:83685911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822812)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.89.11.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822812/; classtype:trojan-activity;sid:83685912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822815)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.189.125.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822815/; classtype:trojan-activity;sid:83685915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822816)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.36.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822816/; classtype:trojan-activity;sid:83685916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822819)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822819/; classtype:trojan-activity;sid:83685919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822804)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.250.206.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822804/; classtype:trojan-activity;sid:83685904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822806)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822806/; classtype:trojan-activity;sid:83685906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822800)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822800/; classtype:trojan-activity;sid:83685900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822794)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822794/; classtype:trojan-activity;sid:83685894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822778)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.176.137.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822778/; classtype:trojan-activity;sid:83685878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822781)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.158.175.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822781/; classtype:trojan-activity;sid:83685881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822782)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822782/; classtype:trojan-activity;sid:83685882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822792)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822792/; classtype:trojan-activity;sid:83685892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822770)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.252.66.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822770/; classtype:trojan-activity;sid:83685870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822774)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822774/; classtype:trojan-activity;sid:83685874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822762)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.60.191.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822762/; classtype:trojan-activity;sid:83685862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822763)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822763/; classtype:trojan-activity;sid:83685863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822764)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.246.177.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822764/; classtype:trojan-activity;sid:83685864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822768)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822768/; classtype:trojan-activity;sid:83685868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822757)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.244.112.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822757/; classtype:trojan-activity;sid:83685857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822754)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822754/; classtype:trojan-activity;sid:83685854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822755/; classtype:trojan-activity;sid:83685855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822751)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822751/; classtype:trojan-activity;sid:83685851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822746)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.190.142.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822746/; classtype:trojan-activity;sid:83685846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822747)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822747/; classtype:trojan-activity;sid:83685847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822734)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822734/; classtype:trojan-activity;sid:83685834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822735)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822735/; classtype:trojan-activity;sid:83685835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822736)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.63.242.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822736/; classtype:trojan-activity;sid:83685836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822740)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822740/; classtype:trojan-activity;sid:83685840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822743)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.7.153.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822743/; classtype:trojan-activity;sid:83685843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822744)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822744/; classtype:trojan-activity;sid:83685844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822718)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.205.90.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822718/; classtype:trojan-activity;sid:83685818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822719)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.216.69.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822719/; classtype:trojan-activity;sid:83685819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822721)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822721/; classtype:trojan-activity;sid:83685821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822724/; classtype:trojan-activity;sid:83685824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822726)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822726/; classtype:trojan-activity;sid:83685826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822711)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822711/; classtype:trojan-activity;sid:83685811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822706)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822706/; classtype:trojan-activity;sid:83685806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822695)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822695/; classtype:trojan-activity;sid:83685795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822697)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.71.191.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822697/; classtype:trojan-activity;sid:83685797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822698)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822698/; classtype:trojan-activity;sid:83685798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822704)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.171.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822704/; classtype:trojan-activity;sid:83685804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822705)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.52.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822705/; classtype:trojan-activity;sid:83685805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822684)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.182.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822684/; classtype:trojan-activity;sid:83685784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.224.100.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822688/; classtype:trojan-activity;sid:83685788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822691)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822691/; classtype:trojan-activity;sid:83685791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822692)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.111.182.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822692/; classtype:trojan-activity;sid:83685792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822694)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822694/; classtype:trojan-activity;sid:83685794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822677)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.76.195.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822677/; classtype:trojan-activity;sid:83685777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822678)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.212.109.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822678/; classtype:trojan-activity;sid:83685778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822681)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.196.120.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822681/; classtype:trojan-activity;sid:83685781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822674)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822674/; classtype:trojan-activity;sid:83685774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822671)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822671/; classtype:trojan-activity;sid:83685771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822670)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.78.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822670/; classtype:trojan-activity;sid:83685770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822666)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822666/; classtype:trojan-activity;sid:83685766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822646)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822646/; classtype:trojan-activity;sid:83685746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822648)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.36.80.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822648/; classtype:trojan-activity;sid:83685748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822650/; classtype:trojan-activity;sid:83685750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822653)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.120.98.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822653/; classtype:trojan-activity;sid:83685753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822655)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822655/; classtype:trojan-activity;sid:83685755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822658)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.218.50.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822658/; classtype:trojan-activity;sid:83685758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822637)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"189.204.177.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822637/; classtype:trojan-activity;sid:83685737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822638)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.183.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822638/; classtype:trojan-activity;sid:83685738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822634)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822634/; classtype:trojan-activity;sid:83685734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822619)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822619/; classtype:trojan-activity;sid:83685719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822620)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822620/; classtype:trojan-activity;sid:83685720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822622)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.25.214.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822622/; classtype:trojan-activity;sid:83685722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822601)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822601/; classtype:trojan-activity;sid:83685701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822605)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.245.131.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822605/; classtype:trojan-activity;sid:83685705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822609)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.159.0.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822609/; classtype:trojan-activity;sid:83685709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822612)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822612/; classtype:trojan-activity;sid:83685712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822616)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822616/; classtype:trojan-activity;sid:83685716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822590)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822590/; classtype:trojan-activity;sid:83685690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822592)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822592/; classtype:trojan-activity;sid:83685692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822596)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822596/; classtype:trojan-activity;sid:83685696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822577)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.77.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822577/; classtype:trojan-activity;sid:83685677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822578)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.175.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822578/; classtype:trojan-activity;sid:83685678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822581)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.171.80.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822581/; classtype:trojan-activity;sid:83685681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822583)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822583/; classtype:trojan-activity;sid:83685683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822585)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.199.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822585/; classtype:trojan-activity;sid:83685685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822586)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"144.48.169.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822586/; classtype:trojan-activity;sid:83685686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822566)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.104.195.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822566/; classtype:trojan-activity;sid:83685666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.150.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822568/; classtype:trojan-activity;sid:83685668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822570)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.5.19.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822570/; classtype:trojan-activity;sid:83685670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822571)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.249.140.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822571/; classtype:trojan-activity;sid:83685671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822574)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"147.91.249.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822574/; classtype:trojan-activity;sid:83685674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822557)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822557/; classtype:trojan-activity;sid:83685657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822564)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822564/; classtype:trojan-activity;sid:83685664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822553)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822553/; classtype:trojan-activity;sid:83685653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822547)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.73.70.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822547/; classtype:trojan-activity;sid:83685647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822548/; classtype:trojan-activity;sid:83685648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822549)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822549/; classtype:trojan-activity;sid:83685649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822544)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822544/; classtype:trojan-activity;sid:83685644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822536)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.134.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822536/; classtype:trojan-activity;sid:83685636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822542)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.190.109.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822542/; classtype:trojan-activity;sid:83685642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822543)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822543/; classtype:trojan-activity;sid:83685643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822523)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.167.25.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822523/; classtype:trojan-activity;sid:83685623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822524)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.136.195.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822524/; classtype:trojan-activity;sid:83685624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822526)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.182.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822526/; classtype:trojan-activity;sid:83685626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822530)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.64.96.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822530/; classtype:trojan-activity;sid:83685630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822532)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822532/; classtype:trojan-activity;sid:83685632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822518)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822518/; classtype:trojan-activity;sid:83685618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822512)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822512/; classtype:trojan-activity;sid:83685612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822514)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822514/; classtype:trojan-activity;sid:83685614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822515)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.248.145.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822515/; classtype:trojan-activity;sid:83685615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822506)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.232.188.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822506/; classtype:trojan-activity;sid:83685606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822510)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.67.251.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822510/; classtype:trojan-activity;sid:83685610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822498)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822498/; classtype:trojan-activity;sid:83685598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822495)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822495/; classtype:trojan-activity;sid:83685595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822496)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.33.114.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822496/; classtype:trojan-activity;sid:83685596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822494)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.253.154.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822494/; classtype:trojan-activity;sid:83685594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822488)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822488/; classtype:trojan-activity;sid:83685588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822478)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822478/; classtype:trojan-activity;sid:83685578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822481)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.224.243.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822481/; classtype:trojan-activity;sid:83685581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822482)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822482/; classtype:trojan-activity;sid:83685582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822484)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.99.230.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822484/; classtype:trojan-activity;sid:83685584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822485)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.134.42.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822485/; classtype:trojan-activity;sid:83685585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822467)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.186.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822467/; classtype:trojan-activity;sid:83685567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822468)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822468/; classtype:trojan-activity;sid:83685568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822471)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822471/; classtype:trojan-activity;sid:83685571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822474)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.4.110.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822474/; classtype:trojan-activity;sid:83685574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822475)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822475/; classtype:trojan-activity;sid:83685575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822477)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822477/; classtype:trojan-activity;sid:83685577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822460)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822460/; classtype:trojan-activity;sid:83685560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822462)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822462/; classtype:trojan-activity;sid:83685562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822451)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.214.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822451/; classtype:trojan-activity;sid:83685551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822436)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.182.214.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822436/; classtype:trojan-activity;sid:83685536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822437)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.218.249.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822437/; classtype:trojan-activity;sid:83685537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822439)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.114.109.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822439/; classtype:trojan-activity;sid:83685539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822443)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822443/; classtype:trojan-activity;sid:83685543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822432)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.71.69.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822432/; classtype:trojan-activity;sid:83685532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822416)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822416/; classtype:trojan-activity;sid:83685516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822417)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822417/; classtype:trojan-activity;sid:83685517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822418)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.98.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822418/; classtype:trojan-activity;sid:83685518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822421)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.43.34.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822421/; classtype:trojan-activity;sid:83685521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822407)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822407/; classtype:trojan-activity;sid:83685507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822401)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.189.222.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822401/; classtype:trojan-activity;sid:83685501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822405)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822405/; classtype:trojan-activity;sid:83685505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822388)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.69.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822388/; classtype:trojan-activity;sid:83685488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822389)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822389/; classtype:trojan-activity;sid:83685489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822390)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822390/; classtype:trojan-activity;sid:83685490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822395)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822395/; classtype:trojan-activity;sid:83685495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822396)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822396/; classtype:trojan-activity;sid:83685496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822377)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822377/; classtype:trojan-activity;sid:83685477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822383)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822383/; classtype:trojan-activity;sid:83685483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822384)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822384/; classtype:trojan-activity;sid:83685484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822385)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822385/; classtype:trojan-activity;sid:83685485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822372)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822372/; classtype:trojan-activity;sid:83685472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822374)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822374/; classtype:trojan-activity;sid:83685474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822376)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.147.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822376/; classtype:trojan-activity;sid:83685476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822367)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.244.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822367/; classtype:trojan-activity;sid:83685467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822356)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822356/; classtype:trojan-activity;sid:83685456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822358)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.190.76.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822358/; classtype:trojan-activity;sid:83685458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822362)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822362/; classtype:trojan-activity;sid:83685462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822363)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.176.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822363/; classtype:trojan-activity;sid:83685463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822364)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.211.197.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822364/; classtype:trojan-activity;sid:83685464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822353)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822353/; classtype:trojan-activity;sid:83685453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822355)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822355/; classtype:trojan-activity;sid:83685455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822345)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.200.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822345/; classtype:trojan-activity;sid:83685445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822337)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.68.95.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822337/; classtype:trojan-activity;sid:83685437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822342)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.111.116.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822342/; classtype:trojan-activity;sid:83685442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822334)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822334/; classtype:trojan-activity;sid:83685434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822330)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.161.217.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822330/; classtype:trojan-activity;sid:83685430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822325)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822325/; classtype:trojan-activity;sid:83685425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822321)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822321/; classtype:trojan-activity;sid:83685421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822316)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.73.242.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822316/; classtype:trojan-activity;sid:83685416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822304)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.28.11.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822304/; classtype:trojan-activity;sid:83685404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822308)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822308/; classtype:trojan-activity;sid:83685408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822299)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822299/; classtype:trojan-activity;sid:83685399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822302)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822302/; classtype:trojan-activity;sid:83685402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822288)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.29.19.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822288/; classtype:trojan-activity;sid:83685388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822294)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822294/; classtype:trojan-activity;sid:83685394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822295)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.0.131.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822295/; classtype:trojan-activity;sid:83685395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822284)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"173.235.65.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822284/; classtype:trojan-activity;sid:83685384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822286)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822286/; classtype:trojan-activity;sid:83685386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822287/; classtype:trojan-activity;sid:83685387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822275)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822275/; classtype:trojan-activity;sid:83685375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822280/; classtype:trojan-activity;sid:83685380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822268)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822268/; classtype:trojan-activity;sid:83685368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822263)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.228.64.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822263/; classtype:trojan-activity;sid:83685363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822255/; classtype:trojan-activity;sid:83685355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822257)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.57.135.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822257/; classtype:trojan-activity;sid:83685357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822249)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822249/; classtype:trojan-activity;sid:83685349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822250)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822250/; classtype:trojan-activity;sid:83685350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822253)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.83.245.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822253/; classtype:trojan-activity;sid:83685353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822240)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822240/; classtype:trojan-activity;sid:83685340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822225)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.246.214.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822225/; classtype:trojan-activity;sid:83685325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822227)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822227/; classtype:trojan-activity;sid:83685327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822228)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.17.248.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822228/; classtype:trojan-activity;sid:83685328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822230)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.254.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822230/; classtype:trojan-activity;sid:83685330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822217)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.36.80.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822217/; classtype:trojan-activity;sid:83685317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822219)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.153.22.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822219/; classtype:trojan-activity;sid:83685319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822214)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.217.148.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822214/; classtype:trojan-activity;sid:83685314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822204)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.157.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822204/; classtype:trojan-activity;sid:83685304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822205)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.188.254.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822205/; classtype:trojan-activity;sid:83685305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822207)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822207/; classtype:trojan-activity;sid:83685307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822197)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822197/; classtype:trojan-activity;sid:83685297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822198)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.163.57.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822198/; classtype:trojan-activity;sid:83685298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822194)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.254.192.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822194/; classtype:trojan-activity;sid:83685294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822192)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822192/; classtype:trojan-activity;sid:83685292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822189)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822189/; classtype:trojan-activity;sid:83685289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822190)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822190/; classtype:trojan-activity;sid:83685290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822182)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822182/; classtype:trojan-activity;sid:83685282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822184)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.187.151.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822184/; classtype:trojan-activity;sid:83685284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822173)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822173/; classtype:trojan-activity;sid:83685273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822178/; classtype:trojan-activity;sid:83685278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822181)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822181/; classtype:trojan-activity;sid:83685281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822160)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.4.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822160/; classtype:trojan-activity;sid:83685260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822161)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.159.4.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822161/; classtype:trojan-activity;sid:83685261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.62.233.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822162/; classtype:trojan-activity;sid:83685262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822163)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822163/; classtype:trojan-activity;sid:83685263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822165/; classtype:trojan-activity;sid:83685265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822167)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822167/; classtype:trojan-activity;sid:83685267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822168)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822168/; classtype:trojan-activity;sid:83685268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822169)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822169/; classtype:trojan-activity;sid:83685269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822153)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822153/; classtype:trojan-activity;sid:83685253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822155)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822155/; classtype:trojan-activity;sid:83685255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822149)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.129.2.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822149/; classtype:trojan-activity;sid:83685249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822151)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.218.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822151/; classtype:trojan-activity;sid:83685251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822142/; classtype:trojan-activity;sid:83685242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822144)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.0.4.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822144/; classtype:trojan-activity;sid:83685244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822145)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.215.69.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822145/; classtype:trojan-activity;sid:83685245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822140)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.211.8.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822140/; classtype:trojan-activity;sid:83685240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822138)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.191.123.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822138/; classtype:trojan-activity;sid:83685238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822129)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.107.205.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822129/; classtype:trojan-activity;sid:83685229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822131)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.141.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822131/; classtype:trojan-activity;sid:83685231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822132)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822132/; classtype:trojan-activity;sid:83685232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822133)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.154.84.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822133/; classtype:trojan-activity;sid:83685233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822134)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.89.240.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822134/; classtype:trojan-activity;sid:83685234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822125)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.17.23.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822125/; classtype:trojan-activity;sid:83685225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822127)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.200.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822127/; classtype:trojan-activity;sid:83685227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822117)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.7.20.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822117/; classtype:trojan-activity;sid:83685217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822121/; classtype:trojan-activity;sid:83685221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822123)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822123/; classtype:trojan-activity;sid:83685223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822100)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.147.93.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822100/; classtype:trojan-activity;sid:83685200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822107)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822107/; classtype:trojan-activity;sid:83685207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822094)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.158.238.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822094/; classtype:trojan-activity;sid:83685194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822083)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.162.70.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822083/; classtype:trojan-activity;sid:83685183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822084)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.20.51.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822084/; classtype:trojan-activity;sid:83685184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822091)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.62.179.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822091/; classtype:trojan-activity;sid:83685191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822073)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.121.161.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822073/; classtype:trojan-activity;sid:83685173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822077)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822077/; classtype:trojan-activity;sid:83685177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822066)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.173.163.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822066/; classtype:trojan-activity;sid:83685166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822067)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.203.218.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822067/; classtype:trojan-activity;sid:83685167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822072)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822072/; classtype:trojan-activity;sid:83685172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822063)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.221.254.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822063/; classtype:trojan-activity;sid:83685163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822064)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822064/; classtype:trojan-activity;sid:83685164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822058)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822058/; classtype:trojan-activity;sid:83685158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822054)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822054/; classtype:trojan-activity;sid:83685154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822048)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.73.121.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822048/; classtype:trojan-activity;sid:83685148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822052)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822052/; classtype:trojan-activity;sid:83685152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822042)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822042/; classtype:trojan-activity;sid:83685142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822044)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822044/; classtype:trojan-activity;sid:83685144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822046)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.175.189.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822046/; classtype:trojan-activity;sid:83685146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822047)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.29.249.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822047/; classtype:trojan-activity;sid:83685147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822035)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.208.145.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822035/; classtype:trojan-activity;sid:83685135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822039)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822039/; classtype:trojan-activity;sid:83685139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822040)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.114.97.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822040/; classtype:trojan-activity;sid:83685140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822041)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822041/; classtype:trojan-activity;sid:83685141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822020)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.98.13.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822020/; classtype:trojan-activity;sid:83685120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822025)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822025/; classtype:trojan-activity;sid:83685125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822027)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.100.241.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822027/; classtype:trojan-activity;sid:83685127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822017)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.194.25.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822017/; classtype:trojan-activity;sid:83685117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822018)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.192.78.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822018/; classtype:trojan-activity;sid:83685118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822019)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.73.244.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822019/; classtype:trojan-activity;sid:83685119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822014)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822014/; classtype:trojan-activity;sid:83685114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822011)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.237.157.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822011/; classtype:trojan-activity;sid:83685111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822007)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.122.211.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822007/; classtype:trojan-activity;sid:83685107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821996)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821996/; classtype:trojan-activity;sid:83685096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822003)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.38.171.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822003/; classtype:trojan-activity;sid:83685103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822004)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822004/; classtype:trojan-activity;sid:83685104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822006/; classtype:trojan-activity;sid:83685106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821981)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821981/; classtype:trojan-activity;sid:83685081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821983)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.242.106.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821983/; classtype:trojan-activity;sid:83685083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821976/; classtype:trojan-activity;sid:83685076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821977)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821977/; classtype:trojan-activity;sid:83685077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821980)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821980/; classtype:trojan-activity;sid:83685080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821966)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.189.218.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821966/; classtype:trojan-activity;sid:83685066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821961)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821961/; classtype:trojan-activity;sid:83685061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821959)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821959/; classtype:trojan-activity;sid:83685059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821960)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821960/; classtype:trojan-activity;sid:83685060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821952)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821952/; classtype:trojan-activity;sid:83685052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821953)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.231.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821953/; classtype:trojan-activity;sid:83685053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821942)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821942/; classtype:trojan-activity;sid:83685042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821949)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821949/; classtype:trojan-activity;sid:83685049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821928)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821928/; classtype:trojan-activity;sid:83685028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.30.234.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821929/; classtype:trojan-activity;sid:83685029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821934)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821934/; classtype:trojan-activity;sid:83685034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821935)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821935/; classtype:trojan-activity;sid:83685035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821939)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821939/; classtype:trojan-activity;sid:83685039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821917)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.195.191.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821917/; classtype:trojan-activity;sid:83685017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821915)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821915/; classtype:trojan-activity;sid:83685015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821911)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821911/; classtype:trojan-activity;sid:83685011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821854/; classtype:trojan-activity;sid:83684954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.114.137.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821850/; classtype:trojan-activity;sid:83684950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.182.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821851/; classtype:trojan-activity;sid:83684951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.166.220.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821842/; classtype:trojan-activity;sid:83684942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.162.70.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821844/; classtype:trojan-activity;sid:83684944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821836/; classtype:trojan-activity;sid:83684936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821838/; classtype:trojan-activity;sid:83684938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821829/; classtype:trojan-activity;sid:83684929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.120.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821825/; classtype:trojan-activity;sid:83684925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.190.57.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821826/; classtype:trojan-activity;sid:83684926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.0.131.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821818/; classtype:trojan-activity;sid:83684918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.218.50.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821819/; classtype:trojan-activity;sid:83684919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.36.80.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821820/; classtype:trojan-activity;sid:83684920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.195.191.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821821/; classtype:trojan-activity;sid:83684921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.129.2.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821811/; classtype:trojan-activity;sid:83684911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.77.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821813/; classtype:trojan-activity;sid:83684913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821806/; classtype:trojan-activity;sid:83684906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821800/; classtype:trojan-activity;sid:83684900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821801/; classtype:trojan-activity;sid:83684901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821802/; classtype:trojan-activity;sid:83684902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821804/; classtype:trojan-activity;sid:83684904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.147.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821793/; classtype:trojan-activity;sid:83684893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.149.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821794/; classtype:trojan-activity;sid:83684894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.20.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821789/; classtype:trojan-activity;sid:83684889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821790/; classtype:trojan-activity;sid:83684890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.149.127.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821783/; classtype:trojan-activity;sid:83684883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.175.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821776/; classtype:trojan-activity;sid:83684876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821772/; classtype:trojan-activity;sid:83684872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821765/; classtype:trojan-activity;sid:83684865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821764/; classtype:trojan-activity;sid:83684864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821760/; classtype:trojan-activity;sid:83684860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821762/; classtype:trojan-activity;sid:83684862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.235.65.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821753/; classtype:trojan-activity;sid:83684853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821754/; classtype:trojan-activity;sid:83684854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821755/; classtype:trojan-activity;sid:83684855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821751/; classtype:trojan-activity;sid:83684851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.104.195.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821745/; classtype:trojan-activity;sid:83684845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821735/; classtype:trojan-activity;sid:83684835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821737/; classtype:trojan-activity;sid:83684837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.150.253.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821738/; classtype:trojan-activity;sid:83684838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821729/; classtype:trojan-activity;sid:83684829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.57.135.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821730/; classtype:trojan-activity;sid:83684830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821732/; classtype:trojan-activity;sid:83684832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.33.114.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821733/; classtype:trojan-activity;sid:83684833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.59.133.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821734/; classtype:trojan-activity;sid:83684834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.159.4.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821721/; classtype:trojan-activity;sid:83684821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.19.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821722/; classtype:trojan-activity;sid:83684822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821723/; classtype:trojan-activity;sid:83684823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"147.91.249.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821726/; classtype:trojan-activity;sid:83684826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821706/; classtype:trojan-activity;sid:83684806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821710/; classtype:trojan-activity;sid:83684810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821711/; classtype:trojan-activity;sid:83684811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.209.71.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821713/; classtype:trojan-activity;sid:83684813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.93.245.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821703/; classtype:trojan-activity;sid:83684803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.246.177.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821690/; classtype:trojan-activity;sid:83684790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.159.0.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821692/; classtype:trojan-activity;sid:83684792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821693/; classtype:trojan-activity;sid:83684793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821697/; classtype:trojan-activity;sid:83684797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821699/; classtype:trojan-activity;sid:83684799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.224.243.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821700/; classtype:trojan-activity;sid:83684800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.63.242.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821679/; classtype:trojan-activity;sid:83684779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.195.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821681/; classtype:trojan-activity;sid:83684781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821687/; classtype:trojan-activity;sid:83684787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.158.238.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821688/; classtype:trojan-activity;sid:83684788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821689/; classtype:trojan-activity;sid:83684789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821676/; classtype:trojan-activity;sid:83684776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821677/; classtype:trojan-activity;sid:83684777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.190.109.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821678/; classtype:trojan-activity;sid:83684778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.129.147.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821673/; classtype:trojan-activity;sid:83684773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.22.237.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821669/; classtype:trojan-activity;sid:83684769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821670/; classtype:trojan-activity;sid:83684770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821660/; classtype:trojan-activity;sid:83684760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821657/; classtype:trojan-activity;sid:83684757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821659/; classtype:trojan-activity;sid:83684759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.99.230.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821653/; classtype:trojan-activity;sid:83684753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.248.145.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821654/; classtype:trojan-activity;sid:83684754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821646/; classtype:trojan-activity;sid:83684746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821639/; classtype:trojan-activity;sid:83684739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.205.125.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821643/; classtype:trojan-activity;sid:83684743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821629/; classtype:trojan-activity;sid:83684729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821633/; classtype:trojan-activity;sid:83684733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.158.95.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821636/; classtype:trojan-activity;sid:83684736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821619/; classtype:trojan-activity;sid:83684719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821622/; classtype:trojan-activity;sid:83684722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821625/; classtype:trojan-activity;sid:83684725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821616/; classtype:trojan-activity;sid:83684716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821617/; classtype:trojan-activity;sid:83684717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821597/; classtype:trojan-activity;sid:83684697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.68.95.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821599/; classtype:trojan-activity;sid:83684699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"165.90.16.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821605/; classtype:trojan-activity;sid:83684705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.134.42.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821595/; classtype:trojan-activity;sid:83684695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.101.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821580/; classtype:trojan-activity;sid:83684680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820658/; classtype:trojan-activity;sid:83683758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.200.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818999/; classtype:trojan-activity;sid:83682099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.224.100.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818993/; classtype:trojan-activity;sid:83682093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818988/; classtype:trojan-activity;sid:83682088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818986/; classtype:trojan-activity;sid:83682086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.30.245.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818987/; classtype:trojan-activity;sid:83682087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818981/; classtype:trojan-activity;sid:83682081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818983/; classtype:trojan-activity;sid:83682083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.254.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818984/; classtype:trojan-activity;sid:83682084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.38.24.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818967/; classtype:trojan-activity;sid:83682067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.76.195.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818969/; classtype:trojan-activity;sid:83682069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818974/; classtype:trojan-activity;sid:83682074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.242.106.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818977/; classtype:trojan-activity;sid:83682077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818963/; classtype:trojan-activity;sid:83682063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.114.191.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818966/; classtype:trojan-activity;sid:83682066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818953/; classtype:trojan-activity;sid:83682053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.69.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818946/; classtype:trojan-activity;sid:83682046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.167.25.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818948/; classtype:trojan-activity;sid:83682048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818942/; classtype:trojan-activity;sid:83682042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.182.214.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818943/; classtype:trojan-activity;sid:83682043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.137.36.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818930/; classtype:trojan-activity;sid:83682030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818931/; classtype:trojan-activity;sid:83682031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.135.142.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818940/; classtype:trojan-activity;sid:83682040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818915/; classtype:trojan-activity;sid:83682015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818917/; classtype:trojan-activity;sid:83682017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818920/; classtype:trojan-activity;sid:83682020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.78.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818911/; classtype:trojan-activity;sid:83682011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.73.244.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818912/; classtype:trojan-activity;sid:83682012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818905/; classtype:trojan-activity;sid:83682005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.254.192.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818906/; classtype:trojan-activity;sid:83682006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818884/; classtype:trojan-activity;sid:83681984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818881/; classtype:trojan-activity;sid:83681981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.236.93.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818875/; classtype:trojan-activity;sid:83681975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.111.182.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818876/; classtype:trojan-activity;sid:83681976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.232.188.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818877/; classtype:trojan-activity;sid:83681977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818874/; classtype:trojan-activity;sid:83681974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818865/; classtype:trojan-activity;sid:83681965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818866/; classtype:trojan-activity;sid:83681966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.100.63.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818857/; classtype:trojan-activity;sid:83681957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818852/; classtype:trojan-activity;sid:83681952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818853/; classtype:trojan-activity;sid:83681953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818833/; classtype:trojan-activity;sid:83681933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818838/; classtype:trojan-activity;sid:83681938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818843/; classtype:trojan-activity;sid:83681943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.176.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818832/; classtype:trojan-activity;sid:83681932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.25.133.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818829/; classtype:trojan-activity;sid:83681929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.102.177.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818823/; classtype:trojan-activity;sid:83681923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"136.169.119.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818826/; classtype:trojan-activity;sid:83681926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.216.69.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818820/; classtype:trojan-activity;sid:83681920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.60.191.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818821/; classtype:trojan-activity;sid:83681921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.161.217.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818797/; classtype:trojan-activity;sid:83681897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818798/; classtype:trojan-activity;sid:83681898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.62.233.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818804/; classtype:trojan-activity;sid:83681904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.153.20.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818806/; classtype:trojan-activity;sid:83681906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818777/; classtype:trojan-activity;sid:83681877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818778/; classtype:trojan-activity;sid:83681878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.203.218.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818772/; classtype:trojan-activity;sid:83681872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.83.245.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818768/; classtype:trojan-activity;sid:83681868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.105.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818240/; classtype:trojan-activity;sid:83681340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.231.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818237/; classtype:trojan-activity;sid:83681337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.251.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818229/; classtype:trojan-activity;sid:83681329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.150.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818227/; classtype:trojan-activity;sid:83681327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818228/; classtype:trojan-activity;sid:83681328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817357)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1w6j0xeptoliyrblijhnxbm_qnnoptzfw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817357/; classtype:trojan-activity;sid:83680457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817239)"; flow:established,from_client; content:"GET"; http_method; content:"/pbhhdf/12/raw/main/keepvid-pro_full2578.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817239/; classtype:trojan-activity;sid:83680339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817148)"; flow:established,from_client; content:"GET"; http_method; content:"/coolismoney/laughing-octo-tribble/releases/download/v2/crazycore.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817148/; classtype:trojan-activity;sid:83680248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.141.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814129/; classtype:trojan-activity;sid:83677229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814127/; classtype:trojan-activity;sid:83677227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814128/; classtype:trojan-activity;sid:83677228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.134.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814116/; classtype:trojan-activity;sid:83677216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814122/; classtype:trojan-activity;sid:83677222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814108/; classtype:trojan-activity;sid:83677208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.133.214.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814109/; classtype:trojan-activity;sid:83677209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.186.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814105/; classtype:trojan-activity;sid:83677205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814093/; classtype:trojan-activity;sid:83677193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814095/; classtype:trojan-activity;sid:83677195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.254.173.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814087/; classtype:trojan-activity;sid:83677187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814080/; classtype:trojan-activity;sid:83677180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.235.186.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814081/; classtype:trojan-activity;sid:83677181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814082/; classtype:trojan-activity;sid:83677182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.189.218.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814083/; classtype:trojan-activity;sid:83677183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.67.115.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813793/; classtype:trojan-activity;sid:83676893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813151/; classtype:trojan-activity;sid:83676251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.153.22.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813148/; classtype:trojan-activity;sid:83676248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813150/; classtype:trojan-activity;sid:83676250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.218.249.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813140/; classtype:trojan-activity;sid:83676240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.253.154.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813147/; classtype:trojan-activity;sid:83676247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813137/; classtype:trojan-activity;sid:83676237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813133/; classtype:trojan-activity;sid:83676233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.100.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813128/; classtype:trojan-activity;sid:83676228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.198.242.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813129/; classtype:trojan-activity;sid:83676229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.157.219.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813130/; classtype:trojan-activity;sid:83676230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.249.140.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813132/; classtype:trojan-activity;sid:83676232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.81.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813122/; classtype:trojan-activity;sid:83676222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.188.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813118/; classtype:trojan-activity;sid:83676218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813111/; classtype:trojan-activity;sid:83676211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813107/; classtype:trojan-activity;sid:83676207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813108/; classtype:trojan-activity;sid:83676208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.30.234.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813093/; classtype:trojan-activity;sid:83676193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813098/; classtype:trojan-activity;sid:83676198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813100/; classtype:trojan-activity;sid:83676200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.142.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813103/; classtype:trojan-activity;sid:83676203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.249.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813084/; classtype:trojan-activity;sid:83676184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.39.242.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813081/; classtype:trojan-activity;sid:83676181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.163.57.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813078/; classtype:trojan-activity;sid:83676178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.22.136.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813068/; classtype:trojan-activity;sid:83676168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813070/; classtype:trojan-activity;sid:83676170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813072/; classtype:trojan-activity;sid:83676172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.228.64.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813057/; classtype:trojan-activity;sid:83676157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813060/; classtype:trojan-activity;sid:83676160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.189.125.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813064/; classtype:trojan-activity;sid:83676164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813048/; classtype:trojan-activity;sid:83676148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.169.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813051/; classtype:trojan-activity;sid:83676151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.244.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813052/; classtype:trojan-activity;sid:83676152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813037/; classtype:trojan-activity;sid:83676137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.250.206.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813038/; classtype:trojan-activity;sid:83676138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813039/; classtype:trojan-activity;sid:83676139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813041/; classtype:trojan-activity;sid:83676141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.29.137.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813029/; classtype:trojan-activity;sid:83676129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809237/; classtype:trojan-activity;sid:83672337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809236/; classtype:trojan-activity;sid:83672336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809227/; classtype:trojan-activity;sid:83672327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.211.197.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809228/; classtype:trojan-activity;sid:83672328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.100.241.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809224/; classtype:trojan-activity;sid:83672324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809225/; classtype:trojan-activity;sid:83672325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809226/; classtype:trojan-activity;sid:83672326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.211.8.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809208/; classtype:trojan-activity;sid:83672308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809209/; classtype:trojan-activity;sid:83672309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.95.186.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809204/; classtype:trojan-activity;sid:83672304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809202/; classtype:trojan-activity;sid:83672302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809203/; classtype:trojan-activity;sid:83672303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.71.69.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809190/; classtype:trojan-activity;sid:83672290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.143.195.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809192/; classtype:trojan-activity;sid:83672292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809193/; classtype:trojan-activity;sid:83672293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.109.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809182/; classtype:trojan-activity;sid:83672282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.254.223.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809184/; classtype:trojan-activity;sid:83672284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809173/; classtype:trojan-activity;sid:83672273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809175/; classtype:trojan-activity;sid:83672275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809171/; classtype:trojan-activity;sid:83672271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.65.45.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809167/; classtype:trojan-activity;sid:83672267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809162/; classtype:trojan-activity;sid:83672262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809158/; classtype:trojan-activity;sid:83672258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.101.191.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809160/; classtype:trojan-activity;sid:83672260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.65.15.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809149/; classtype:trojan-activity;sid:83672249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809136/; classtype:trojan-activity;sid:83672236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.98.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809139/; classtype:trojan-activity;sid:83672239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809140/; classtype:trojan-activity;sid:83672240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809130/; classtype:trojan-activity;sid:83672230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809132/; classtype:trojan-activity;sid:83672232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809135/; classtype:trojan-activity;sid:83672235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809128/; classtype:trojan-activity;sid:83672228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809123/; classtype:trojan-activity;sid:83672223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809115/; classtype:trojan-activity;sid:83672215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809117/; classtype:trojan-activity;sid:83672217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809120/; classtype:trojan-activity;sid:83672220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809107/; classtype:trojan-activity;sid:83672207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809112/; classtype:trojan-activity;sid:83672212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.7.153.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809105/; classtype:trojan-activity;sid:83672205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.200.63.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809084/; classtype:trojan-activity;sid:83672184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.165.112.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809088/; classtype:trojan-activity;sid:83672188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809089/; classtype:trojan-activity;sid:83672189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809091/; classtype:trojan-activity;sid:83672191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.158.175.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809071/; classtype:trojan-activity;sid:83672171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809073/; classtype:trojan-activity;sid:83672173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.248.56.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809077/; classtype:trojan-activity;sid:83672177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.222.45.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809054/; classtype:trojan-activity;sid:83672154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.36.80.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809010/; classtype:trojan-activity;sid:83672110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.19.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809011/; classtype:trojan-activity;sid:83672111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809006/; classtype:trojan-activity;sid:83672106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.105.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808999/; classtype:trojan-activity;sid:83672099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.28.11.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808985/; classtype:trojan-activity;sid:83672085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808986/; classtype:trojan-activity;sid:83672086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.61.246.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808980/; classtype:trojan-activity;sid:83672080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.131.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808981/; classtype:trojan-activity;sid:83672081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.237.157.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808972/; classtype:trojan-activity;sid:83672072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.19.174.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808973/; classtype:trojan-activity;sid:83672073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808963/; classtype:trojan-activity;sid:83672063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.192.78.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808970/; classtype:trojan-activity;sid:83672070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808957/; classtype:trojan-activity;sid:83672057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.223.44.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808952/; classtype:trojan-activity;sid:83672052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808948/; classtype:trojan-activity;sid:83672048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808947/; classtype:trojan-activity;sid:83672047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.121.161.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808946/; classtype:trojan-activity;sid:83672046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808929/; classtype:trojan-activity;sid:83672029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.208.145.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808931/; classtype:trojan-activity;sid:83672031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808933/; classtype:trojan-activity;sid:83672033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808935/; classtype:trojan-activity;sid:83672035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.18.223.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808936/; classtype:trojan-activity;sid:83672036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.188.254.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808939/; classtype:trojan-activity;sid:83672039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808924/; classtype:trojan-activity;sid:83672024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808928/; classtype:trojan-activity;sid:83672028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.7.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808918/; classtype:trojan-activity;sid:83672018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.175.189.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808921/; classtype:trojan-activity;sid:83672021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808907/; classtype:trojan-activity;sid:83672007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808910/; classtype:trojan-activity;sid:83672010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.74.128.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808911/; classtype:trojan-activity;sid:83672011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.64.96.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808900/; classtype:trojan-activity;sid:83672000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.95.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808888/; classtype:trojan-activity;sid:83671988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.144.235.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808882/; classtype:trojan-activity;sid:83671982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808883/; classtype:trojan-activity;sid:83671983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808880/; classtype:trojan-activity;sid:83671980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808876/; classtype:trojan-activity;sid:83671976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808872/; classtype:trojan-activity;sid:83671972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.16.75.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808873/; classtype:trojan-activity;sid:83671973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.218.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808875/; classtype:trojan-activity;sid:83671975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.52.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808870/; classtype:trojan-activity;sid:83671970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.42.113.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808850/; classtype:trojan-activity;sid:83671950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.11.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808851/; classtype:trojan-activity;sid:83671951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.204.177.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808852/; classtype:trojan-activity;sid:83671952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808854/; classtype:trojan-activity;sid:83671954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808842/; classtype:trojan-activity;sid:83671942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.110.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808832/; classtype:trojan-activity;sid:83671932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808836/; classtype:trojan-activity;sid:83671936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808823/; classtype:trojan-activity;sid:83671923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.189.172.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808826/; classtype:trojan-activity;sid:83671926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.177.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808827/; classtype:trojan-activity;sid:83671927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808829/; classtype:trojan-activity;sid:83671929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808814/; classtype:trojan-activity;sid:83671914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.151.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808809/; classtype:trojan-activity;sid:83671909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.81.127.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808802/; classtype:trojan-activity;sid:83671902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808792/; classtype:trojan-activity;sid:83671892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.122.211.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808794/; classtype:trojan-activity;sid:83671894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.107.205.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808795/; classtype:trojan-activity;sid:83671895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.20.51.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808797/; classtype:trojan-activity;sid:83671897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.217.148.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808798/; classtype:trojan-activity;sid:83671898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.170.48.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808787/; classtype:trojan-activity;sid:83671887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.36.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808790/; classtype:trojan-activity;sid:83671890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.173.163.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808778/; classtype:trojan-activity;sid:83671878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.43.34.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808770/; classtype:trojan-activity;sid:83671870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.165.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808771/; classtype:trojan-activity;sid:83671871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.152.44.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808766/; classtype:trojan-activity;sid:83671866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808767/; classtype:trojan-activity;sid:83671867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.183.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808756/; classtype:trojan-activity;sid:83671856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.157.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808758/; classtype:trojan-activity;sid:83671858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.17.23.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808754/; classtype:trojan-activity;sid:83671854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808746/; classtype:trojan-activity;sid:83671846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.147.93.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808748/; classtype:trojan-activity;sid:83671848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.120.98.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808751/; classtype:trojan-activity;sid:83671851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.215.69.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808743/; classtype:trojan-activity;sid:83671843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.214.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808734/; classtype:trojan-activity;sid:83671834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.111.116.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808735/; classtype:trojan-activity;sid:83671835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808737/; classtype:trojan-activity;sid:83671837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.71.191.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808738/; classtype:trojan-activity;sid:83671838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808739/; classtype:trojan-activity;sid:83671839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.114.97.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808740/; classtype:trojan-activity;sid:83671840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.17.248.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808708/; classtype:trojan-activity;sid:83671808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808710/; classtype:trojan-activity;sid:83671810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.62.179.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808715/; classtype:trojan-activity;sid:83671815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.73.121.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808716/; classtype:trojan-activity;sid:83671816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808717/; classtype:trojan-activity;sid:83671817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808652/; classtype:trojan-activity;sid:83671752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808644/; classtype:trojan-activity;sid:83671744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.212.109.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808643/; classtype:trojan-activity;sid:83671743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.191.123.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808637/; classtype:trojan-activity;sid:83671737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808636/; classtype:trojan-activity;sid:83671736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808631/; classtype:trojan-activity;sid:83671731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.176.137.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808630/; classtype:trojan-activity;sid:83671730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.98.13.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808615/; classtype:trojan-activity;sid:83671715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808610/; classtype:trojan-activity;sid:83671710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808603/; classtype:trojan-activity;sid:83671703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.80.244.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808594/; classtype:trojan-activity;sid:83671694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808599/; classtype:trojan-activity;sid:83671699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.69.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808575/; classtype:trojan-activity;sid:83671675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808564/; classtype:trojan-activity;sid:83671664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.73.242.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808563/; classtype:trojan-activity;sid:83671663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.0.4.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808561/; classtype:trojan-activity;sid:83671661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808562/; classtype:trojan-activity;sid:83671662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808560/; classtype:trojan-activity;sid:83671660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.234.147.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808544/; classtype:trojan-activity;sid:83671644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.189.222.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808545/; classtype:trojan-activity;sid:83671645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808551/; classtype:trojan-activity;sid:83671651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808533/; classtype:trojan-activity;sid:83671633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.7.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808528/; classtype:trojan-activity;sid:83671628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808520/; classtype:trojan-activity;sid:83671620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.191.218.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808521/; classtype:trojan-activity;sid:83671621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.140.176.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808522/; classtype:trojan-activity;sid:83671622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.80.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808524/; classtype:trojan-activity;sid:83671624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.205.90.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808525/; classtype:trojan-activity;sid:83671625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.244.112.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808511/; classtype:trojan-activity;sid:83671611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808515/; classtype:trojan-activity;sid:83671615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808504/; classtype:trojan-activity;sid:83671604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.251.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808495/; classtype:trojan-activity;sid:83671595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808496/; classtype:trojan-activity;sid:83671596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808485/; classtype:trojan-activity;sid:83671585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.68.161.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808482/; classtype:trojan-activity;sid:83671582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808475/; classtype:trojan-activity;sid:83671575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808467/; classtype:trojan-activity;sid:83671567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808468/; classtype:trojan-activity;sid:83671568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808470/; classtype:trojan-activity;sid:83671570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808474/; classtype:trojan-activity;sid:83671574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.154.84.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808459/; classtype:trojan-activity;sid:83671559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.4.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808460/; classtype:trojan-activity;sid:83671560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808448/; classtype:trojan-activity;sid:83671548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.200.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808432/; classtype:trojan-activity;sid:83671532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.25.214.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808442/; classtype:trojan-activity;sid:83671542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.0.136.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808443/; classtype:trojan-activity;sid:83671543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808445/; classtype:trojan-activity;sid:83671545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.199.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808424/; classtype:trojan-activity;sid:83671524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.246.214.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808425/; classtype:trojan-activity;sid:83671525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808427/; classtype:trojan-activity;sid:83671527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.73.70.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808430/; classtype:trojan-activity;sid:83671530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808416/; classtype:trojan-activity;sid:83671516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808418/; classtype:trojan-activity;sid:83671518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.194.25.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808420/; classtype:trojan-activity;sid:83671520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.249.54.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808421/; classtype:trojan-activity;sid:83671521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.221.254.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808406/; classtype:trojan-activity;sid:83671506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.171.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808408/; classtype:trojan-activity;sid:83671508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808390/; classtype:trojan-activity;sid:83671490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.240.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808396/; classtype:trojan-activity;sid:83671496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.182.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808376/; classtype:trojan-activity;sid:83671476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.159.72.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808377/; classtype:trojan-activity;sid:83671477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808380/; classtype:trojan-activity;sid:83671480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.190.76.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808383/; classtype:trojan-activity;sid:83671483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.245.131.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808385/; classtype:trojan-activity;sid:83671485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.38.171.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808388/; classtype:trojan-activity;sid:83671488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808369/; classtype:trojan-activity;sid:83671469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808371/; classtype:trojan-activity;sid:83671471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808373/; classtype:trojan-activity;sid:83671473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808374/; classtype:trojan-activity;sid:83671474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808366/; classtype:trojan-activity;sid:83671466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808309)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808309/; classtype:trojan-activity;sid:83671409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808303/; classtype:trojan-activity;sid:83671403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808304/; classtype:trojan-activity;sid:83671404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808284/; classtype:trojan-activity;sid:83671384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808286)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808286/; classtype:trojan-activity;sid:83671386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808287/; classtype:trojan-activity;sid:83671387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808289)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808289/; classtype:trojan-activity;sid:83671389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808291)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808291/; classtype:trojan-activity;sid:83671391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808281)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808281/; classtype:trojan-activity;sid:83671381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808274)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808274/; classtype:trojan-activity;sid:83671374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808275)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808275/; classtype:trojan-activity;sid:83671375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808276)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808276/; classtype:trojan-activity;sid:83671376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808277)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808277/; classtype:trojan-activity;sid:83671377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808278)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808278/; classtype:trojan-activity;sid:83671378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808279)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808279/; classtype:trojan-activity;sid:83671379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808280)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808280/; classtype:trojan-activity;sid:83671380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808264)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808264/; classtype:trojan-activity;sid:83671364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808231)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808231/; classtype:trojan-activity;sid:83671331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808235)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808235/; classtype:trojan-activity;sid:83671335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808236/; classtype:trojan-activity;sid:83671336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808241)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808241/; classtype:trojan-activity;sid:83671341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808242/; classtype:trojan-activity;sid:83671342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808244/; classtype:trojan-activity;sid:83671344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808245/; classtype:trojan-activity;sid:83671345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808247/; classtype:trojan-activity;sid:83671347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808248)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808248/; classtype:trojan-activity;sid:83671348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808249)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808249/; classtype:trojan-activity;sid:83671349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808250)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808250/; classtype:trojan-activity;sid:83671350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808225)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808225/; classtype:trojan-activity;sid:83671325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808226/; classtype:trojan-activity;sid:83671326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808227/; classtype:trojan-activity;sid:83671327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808215)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808215/; classtype:trojan-activity;sid:83671315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808216/; classtype:trojan-activity;sid:83671316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808217)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808217/; classtype:trojan-activity;sid:83671317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808222/; classtype:trojan-activity;sid:83671322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808199/; classtype:trojan-activity;sid:83671299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808198/; classtype:trojan-activity;sid:83671298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808187/; classtype:trojan-activity;sid:83671287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808189/; classtype:trojan-activity;sid:83671289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808191/; classtype:trojan-activity;sid:83671291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808193/; classtype:trojan-activity;sid:83671293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808195/; classtype:trojan-activity;sid:83671295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808196/; classtype:trojan-activity;sid:83671296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808179/; classtype:trojan-activity;sid:83671279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808183/; classtype:trojan-activity;sid:83671283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808184/; classtype:trojan-activity;sid:83671284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808160/; classtype:trojan-activity;sid:83671260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808161/; classtype:trojan-activity;sid:83671261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807492)"; flow:established,from_client; content:"GET"; http_method; content:"/ping"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807492/; classtype:trojan-activity;sid:83670592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807300)"; flow:established,from_client; content:"GET"; http_method; content:"/http.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807300/; classtype:trojan-activity;sid:83670400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806527)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"138.36.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806527/; classtype:trojan-activity;sid:83669627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804806)"; flow:established,from_client; content:"GET"; http_method; content:"/slitaz/sources/packages/c/cross-compiler-armv6l.tar.bz2"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"distro.ibiblio.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804806/; classtype:trojan-activity;sid:83667906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798785)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.209.41.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798785/; classtype:trojan-activity;sid:83661885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798784)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.209.41.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798784/; classtype:trojan-activity;sid:83661884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793603)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qxwff0k49bjdhwzotirkvqlqhebzgphg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793603/; classtype:trojan-activity;sid:83656703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790578)"; flow:established,from_client; content:"GET"; http_method; content:"/.index/scan.tar"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.216.207.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790578/; classtype:trojan-activity;sid:83653678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789955)"; flow:established,from_client; content:"GET"; http_method; content:"/incoper887/tua/raw/main/build.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2789955/; classtype:trojan-activity;sid:83653055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787791)"; flow:established,from_client; content:"GET"; http_method; content:"/ykwsyyt/help/hddrive1095_xinanplug3030_20230619_inno.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"60.22.23.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787791/; classtype:trojan-activity;sid:83650891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787397)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hditwve1kadzeycbldxttxi4mmhddgyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787397/; classtype:trojan-activity;sid:83650497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787024)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"65.49.44.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787024/; classtype:trojan-activity;sid:83650124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787023)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.113.35.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787023/; classtype:trojan-activity;sid:83650123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786829)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1re9cqjrafya6wcb5e0zcolwdorvsf9pi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786829/; classtype:trojan-activity;sid:83649929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786674)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"47.101.206.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786674/; classtype:trojan-activity;sid:83649774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786672)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.96.147.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786672/; classtype:trojan-activity;sid:83649772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786663)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/er5thygfd.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786663/; classtype:trojan-activity;sid:83649763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786661)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/uemlxaw.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786661/; classtype:trojan-activity;sid:83649761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786649)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.42.168.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786649/; classtype:trojan-activity;sid:83649749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786332)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit.class"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.98.107.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786332/; classtype:trojan-activity;sid:83649432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786333)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.98.107.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786333/; classtype:trojan-activity;sid:83649433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785768)"; flow:established,from_client; content:"GET"; http_method; content:"/zev3n/ubuntu-gnome-privilege-escalation/main/cve-2020-1612%5b6_7%5d_exploit.sh"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785768/; classtype:trojan-activity;sid:83648868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785466)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/deployment/yellow%20pages%20scraper.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785466/; classtype:trojan-activity;sid:83648566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785235)"; flow:established,from_client; content:"GET"; http_method; content:"/ransomware.wannacry_plus.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_17; reference:url, urlhaus.abuse.ch/url/2785235/; classtype:trojan-activity;sid:83648335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782882)"; flow:established,from_client; content:"GET"; http_method; content:"/driveapplet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"noithaticon.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_14; reference:url, urlhaus.abuse.ch/url/2782882/; classtype:trojan-activity;sid:83645982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780261)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780261/; classtype:trojan-activity;sid:83643361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"oys0ro.static.otenet.gr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780255/; classtype:trojan-activity;sid:83643355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777824)"; flow:established,from_client; content:"GET"; http_method; content:"/m.py"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777824/; classtype:trojan-activity;sid:83640924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777823)"; flow:established,from_client; content:"GET"; http_method; content:"/p"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777823/; classtype:trojan-activity;sid:83640923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777822)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777822/; classtype:trojan-activity;sid:83640922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777441)"; flow:established,from_client; content:"GET"; http_method; content:"/greenpackage.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"bitkiselurunsiparis.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_07; reference:url, urlhaus.abuse.ch/url/2777441/; classtype:trojan-activity;sid:83640541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.183.98.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769194/; classtype:trojan-activity;sid:83632294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769195/; classtype:trojan-activity;sid:83632295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.194.8.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769199/; classtype:trojan-activity;sid:83632299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769165/; classtype:trojan-activity;sid:83632265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769015)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"www.ojang.pe.kr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769015/; classtype:trojan-activity;sid:83632115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765933)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_r1.bmp"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765933/; classtype:trojan-activity;sid:83629033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765626)"; flow:established,from_client; content:"GET"; http_method; content:"/hitmanpro.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hitman-pro.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765626/; classtype:trojan-activity;sid:83628726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764512)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764512/; classtype:trojan-activity;sid:83627612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764507)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764507/; classtype:trojan-activity;sid:83627607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764508)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764508/; classtype:trojan-activity;sid:83627608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764509)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764509/; classtype:trojan-activity;sid:83627609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764510)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764510/; classtype:trojan-activity;sid:83627610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764511)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764511/; classtype:trojan-activity;sid:83627611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757963)"; flow:established,from_client; content:"GET"; http_method; content:"/mobileanjian.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.6.5.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757963/; classtype:trojan-activity;sid:83621063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2755280)"; flow:established,from_client; content:"GET"; http_method; content:"/den4ikyt/spoofer/raw/main/hwid%20spoofer.rar"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_02; reference:url, urlhaus.abuse.ch/url/2755280/; classtype:trojan-activity;sid:83618380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754788)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754788/; classtype:trojan-activity;sid:83617888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754787)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754787/; classtype:trojan-activity;sid:83617887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754786)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754786/; classtype:trojan-activity;sid:83617886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754784)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754784/; classtype:trojan-activity;sid:83617884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754785)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754785/; classtype:trojan-activity;sid:83617885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754783)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754783/; classtype:trojan-activity;sid:83617883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754299)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wuy2y3vbxibdfqcs6-kx96nocarzixfd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754299/; classtype:trojan-activity;sid:83617399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752947)"; flow:established,from_client; content:"GET"; http_method; content:"/app/view/ta.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.26.174.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_29; reference:url, urlhaus.abuse.ch/url/2752947/; classtype:trojan-activity;sid:83616047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748605)"; flow:established,from_client; content:"GET"; http_method; content:"/ssslllap1/asdasd/raw/main/crypted.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_13; reference:url, urlhaus.abuse.ch/url/2748605/; classtype:trojan-activity;sid:83611705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748365)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ifvzub1blhmwsirshbe2wu5b1tus3ls-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748365/; classtype:trojan-activity;sid:83611465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748363)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yydiodtw09banou13ro8ielf9rcmljxy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748363/; classtype:trojan-activity;sid:83611463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748360)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11cbyky_wegqjut6afr8jannw7vub-xxf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748360/; classtype:trojan-activity;sid:83611460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744516)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.149.127.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_26; reference:url, urlhaus.abuse.ch/url/2744516/; classtype:trojan-activity;sid:83607616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742584)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.129.147.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_20; reference:url, urlhaus.abuse.ch/url/2742584/; classtype:trojan-activity;sid:83605684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735437)"; flow:established,from_client; content:"GET"; http_method; content:"/static/automaticamente/index.php"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"wynecare.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_11_27; reference:url, urlhaus.abuse.ch/url/2735437/; classtype:trojan-activity;sid:83598537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734981)"; flow:established,from_client; content:"GET"; http_method; content:"/vendor/bin/nobody/clean.it"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"xiangshunjy.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734981/; classtype:trojan-activity;sid:83598081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733771)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2733771/; classtype:trojan-activity;sid:83596871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733662)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.100.63.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_22; reference:url, urlhaus.abuse.ch/url/2733662/; classtype:trojan-activity;sid:83596762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731357)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_16; reference:url, urlhaus.abuse.ch/url/2731357/; classtype:trojan-activity;sid:83594457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730213)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sjm5t0ktlepibtv3kgaousspnw3zonom"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_13; reference:url, urlhaus.abuse.ch/url/2730213/; classtype:trojan-activity;sid:83593313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730069)"; flow:established,from_client; content:"GET"; http_method; content:"/cronusxd/update/releases/download/programa/universal.cheat.all.games.rar"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_11_12; reference:url, urlhaus.abuse.ch/url/2730069/; classtype:trojan-activity;sid:83593169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726994)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lhnnwoydntgqibsykxwgd32s5xftxvfh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726994/; classtype:trojan-activity;sid:83590094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726921)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oxpqeutyreby186exx4zeofyz0rjocsp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726921/; classtype:trojan-activity;sid:83590021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726920)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1e2y5yppu_zjj4o3wmuo-2j8n9lbthkzc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726920/; classtype:trojan-activity;sid:83590020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726906)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_ldguopt2cg7fblntw3ltxgtxqtmlflc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726906/; classtype:trojan-activity;sid:83590006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726907)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10lygpyju_dlg3x6r9oslzgblshakstl-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726907/; classtype:trojan-activity;sid:83590007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726432)"; flow:established,from_client; content:"GET"; http_method; content:"/drakeo03/rbxfpsunlocker-x64-hotfix1/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_10_28; reference:url, urlhaus.abuse.ch/url/2726432/; classtype:trojan-activity;sid:83589532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726089)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gfn3lqd1rvybut4ha-ldl92wt8ysrzfc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2726089/; classtype:trojan-activity;sid:83589189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719389)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1satmexzn3qpvqzfxnc-5dtnnn8lihdxh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_12; reference:url, urlhaus.abuse.ch/url/2719389/; classtype:trojan-activity;sid:83582489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717631)"; flow:established,from_client; content:"GET"; http_method; content:"/112s"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717631/; classtype:trojan-activity;sid:83580731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.82.211.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713178/; classtype:trojan-activity;sid:83576278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713150)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.101.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713150/; classtype:trojan-activity;sid:83576250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2705628)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.68.161.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_20; reference:url, urlhaus.abuse.ch/url/2705628/; classtype:trojan-activity;sid:83568728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2704162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_08_13; reference:url, urlhaus.abuse.ch/url/2704162/; classtype:trojan-activity;sid:83567262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2699237)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.135.142.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_05; reference:url, urlhaus.abuse.ch/url/2699237/; classtype:trojan-activity;sid:83562337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2698184)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"z.shavsl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_08_04; reference:url, urlhaus.abuse.ch/url/2698184/; classtype:trojan-activity;sid:83561284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2695319)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.214.56.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_01; reference:url, urlhaus.abuse.ch/url/2695319/; classtype:trojan-activity;sid:83558419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2693150)"; flow:established,from_client; content:"GET"; http_method; content:"/housenetshare.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"stdown.dinju.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_31; reference:url, urlhaus.abuse.ch/url/2693150/; classtype:trojan-activity;sid:83556250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2688262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_23; reference:url, urlhaus.abuse.ch/url/2688262/; classtype:trojan-activity;sid:83551362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2687872)"; flow:established,from_client; content:"GET"; http_method; content:"/new.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"resourceedge.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_22; reference:url, urlhaus.abuse.ch/url/2687872/; classtype:trojan-activity;sid:83550972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2684828)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.100.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_18; reference:url, urlhaus.abuse.ch/url/2684828/; classtype:trojan-activity;sid:83547928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676879)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/id3/apctntoca.bmp"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"lostheaven.com.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2676879/; classtype:trojan-activity;sid:83539979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2675524)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_07_02; reference:url, urlhaus.abuse.ch/url/2675524/; classtype:trojan-activity;sid:83538624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661661)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661661/; classtype:trojan-activity;sid:83524761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661657)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661657/; classtype:trojan-activity;sid:83524757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661658)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661658/; classtype:trojan-activity;sid:83524758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661659)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661659/; classtype:trojan-activity;sid:83524759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661660)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661660/; classtype:trojan-activity;sid:83524760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661653)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661653/; classtype:trojan-activity;sid:83524753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661654)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661654/; classtype:trojan-activity;sid:83524754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661655)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661655/; classtype:trojan-activity;sid:83524755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661656)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661656/; classtype:trojan-activity;sid:83524756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2637944)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.38.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_05_21; reference:url, urlhaus.abuse.ch/url/2637944/; classtype:trojan-activity;sid:83501044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615901)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.59.133.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_22; reference:url, urlhaus.abuse.ch/url/2615901/; classtype:trojan-activity;sid:83479001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615316)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.177.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615316/; classtype:trojan-activity;sid:83478416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615314)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615314/; classtype:trojan-activity;sid:83478414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615287/; classtype:trojan-activity;sid:83478387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615283)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.65.45.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615283/; classtype:trojan-activity;sid:83478383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615266)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.166.220.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615266/; classtype:trojan-activity;sid:83478366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.81.127.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615262/; classtype:trojan-activity;sid:83478362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615260)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.22.237.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615260/; classtype:trojan-activity;sid:83478360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615258)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.153.20.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615258/; classtype:trojan-activity;sid:83478358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2581006)"; flow:established,from_client; content:"GET"; http_method; content:"/salatikochen/salatapps/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2581006/; classtype:trojan-activity;sid:83444106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2562937)"; flow:established,from_client; content:"GET"; http_method; content:"/b512c9bf0b/rnlgmamvrrbyey3nzb/"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"ns1.koleso.tc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_08; reference:url, urlhaus.abuse.ch/url/2562937/; classtype:trojan-activity;sid:83426037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2545788)"; flow:established,from_client; content:"GET"; http_method; content:"/tedburke/commandcam/archive/refs/heads/master.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_20; reference:url, urlhaus.abuse.ch/url/2545788/; classtype:trojan-activity;sid:83408888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2540034)"; flow:established,from_client; content:"GET"; http_method; content:"/unlockteame/unlimited/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540034/; classtype:trojan-activity;sid:83403134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530828)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_05; reference:url, urlhaus.abuse.ch/url/2530828/; classtype:trojan-activity;sid:83393928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517803)"; flow:established,from_client; content:"GET"; http_method; content:"/npp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_25; reference:url, urlhaus.abuse.ch/url/2517803/; classtype:trojan-activity;sid:83380903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517273)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517273/; classtype:trojan-activity;sid:83380373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517271)"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517271/; classtype:trojan-activity;sid:83380371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2513702)"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_20; reference:url, urlhaus.abuse.ch/url/2513702/; classtype:trojan-activity;sid:83376802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2513697)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_20; reference:url, urlhaus.abuse.ch/url/2513697/; classtype:trojan-activity;sid:83376797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2466408)"; flow:established,from_client; content:"GET"; http_method; content:"/sys.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.38.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_12_16; reference:url, urlhaus.abuse.ch/url/2466408/; classtype:trojan-activity;sid:83329508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440082)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440082/; classtype:trojan-activity;sid:83303182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440081)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440081/; classtype:trojan-activity;sid:83303181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2423598)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_11_17; reference:url, urlhaus.abuse.ch/url/2423598/; classtype:trojan-activity;sid:83286698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414734)"; flow:established,from_client; content:"GET"; http_method; content:"/core"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnom.sante.gov.ml"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414734/; classtype:trojan-activity;sid:83277834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414733)"; flow:established,from_client; content:"GET"; http_method; content:"/12"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cnom.sante.gov.ml"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414733/; classtype:trojan-activity;sid:83277833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408069)"; flow:established,from_client; content:"GET"; http_method; content:"/analytics/zy5ntk/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fromthetrenchesworldreport.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2408069/; classtype:trojan-activity;sid:83271169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2403434)"; flow:established,from_client; content:"GET"; http_method; content:"/down/fw/fw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_07; reference:url, urlhaus.abuse.ch/url/2403434/; classtype:trojan-activity;sid:83266534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2296313)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_07; reference:url, urlhaus.abuse.ch/url/2296313/; classtype:trojan-activity;sid:83159413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2274787)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_08_19; reference:url, urlhaus.abuse.ch/url/2274787/; classtype:trojan-activity;sid:83137887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2274783)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_08_19; reference:url, urlhaus.abuse.ch/url/2274783/; classtype:trojan-activity;sid:83137883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2267284)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.38.24.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_06; reference:url, urlhaus.abuse.ch/url/2267284/; classtype:trojan-activity;sid:83130384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2255098)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.173.39.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_07_07; reference:url, urlhaus.abuse.ch/url/2255098/; classtype:trojan-activity;sid:83118198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2252574)"; flow:established,from_client; content:"GET"; http_method; content:"/updates1/up.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1717.1000uc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_30; reference:url, urlhaus.abuse.ch/url/2252574/; classtype:trojan-activity;sid:83115674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2230406)"; flow:established,from_client; content:"GET"; http_method; content:"/down/newsales/adm_atu.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"palharesinformatica.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_08; reference:url, urlhaus.abuse.ch/url/2230406/; classtype:trojan-activity;sid:83093506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2227709)"; flow:established,from_client; content:"GET"; http_method; content:"/img/rm0xpx/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jobcity.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_06; reference:url, urlhaus.abuse.ch/url/2227709/; classtype:trojan-activity;sid:83090809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2218862)"; flow:established,from_client; content:"GET"; http_method; content:"/accesorios/plg/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tecni-soft.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_05_31; reference:url, urlhaus.abuse.ch/url/2218862/; classtype:trojan-activity;sid:83081962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2211781)"; flow:established,from_client; content:"GET"; http_method; content:"/accesorios/xqp/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tecni-soft.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_05_26; reference:url, urlhaus.abuse.ch/url/2211781/; classtype:trojan-activity;sid:83074881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2191248)"; flow:established,from_client; content:"GET"; http_method; content:"/application/phebceg4tx/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.ingonherbal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_05_12; reference:url, urlhaus.abuse.ch/url/2191248/; classtype:trojan-activity;sid:83054348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2143816)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/server.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"linkvilleplayers.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_04_12; reference:url, urlhaus.abuse.ch/url/2143816/; classtype:trojan-activity;sid:83006916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2134110)"; flow:established,from_client; content:"GET"; http_method; content:"/0011b9cd240249c3aeb520ea1205eaf1.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zhengxinpeixun.oss-cn-qingdao.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_04_06; reference:url, urlhaus.abuse.ch/url/2134110/; classtype:trojan-activity;sid:82997210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gvnzexvvs3vpv0-ihflwnmzmhij3qqly"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086235/; classtype:trojan-activity;sid:82949335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2076705)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.158.95.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_04; reference:url, urlhaus.abuse.ch/url/2076705/; classtype:trojan-activity;sid:82939805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2066122)"; flow:established,from_client; content:"GET"; http_method; content:"/images/vin1.jpg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"namthaibinh.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_02_28; reference:url, urlhaus.abuse.ch/url/2066122/; classtype:trojan-activity;sid:82929222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2048755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_19; reference:url, urlhaus.abuse.ch/url/2048755/; classtype:trojan-activity;sid:82911855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2043048)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_14; reference:url, urlhaus.abuse.ch/url/2043048/; classtype:trojan-activity;sid:82906148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1978480)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.22.136.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_15; reference:url, urlhaus.abuse.ch/url/1978480/; classtype:trojan-activity;sid:82841580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1961882)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_10; reference:url, urlhaus.abuse.ch/url/1961882/; classtype:trojan-activity;sid:82824982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1960874)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_09; reference:url, urlhaus.abuse.ch/url/1960874/; classtype:trojan-activity;sid:82823974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1915365)"; flow:established,from_client; content:"GET"; http_method; content:"/5j1ae/apmyyqsc6q3p5y/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"aosafrica.co.za"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_23; reference:url, urlhaus.abuse.ch/url/1915365/; classtype:trojan-activity;sid:82778465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1761107)"; flow:established,from_client; content:"GET"; http_method; content:"/svr_netchecker/server.asp|3f|v_command=3002|7c|26|7c|v_progname=sjptmanagerlauncher.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"server.toeicswt.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_11_07; reference:url, urlhaus.abuse.ch/url/1761107/; classtype:trojan-activity;sid:82624207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1657096)"; flow:established,from_client; content:"GET"; http_method; content:"/update/ana/update.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.teknoarge.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1657096/; classtype:trojan-activity;sid:82520196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1647561)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12ma_yvbmprts6e_vkfnmwikrnwsarqbw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_29; reference:url, urlhaus.abuse.ch/url/1647561/; classtype:trojan-activity;sid:82510661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1624890)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o9jg3oqyewncoptigwscdbtfmvtfqygj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_16; reference:url, urlhaus.abuse.ch/url/1624890/; classtype:trojan-activity;sid:82487990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1506027)"; flow:established,from_client; content:"GET"; http_method; content:"/nbys.aspx|3f|f=aile_hekimligi/nbys%20ah.net.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"files5.uludagbilisim.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2021_08_04; reference:url, urlhaus.abuse.ch/url/1506027/; classtype:trojan-activity;sid:82369127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1497688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_01; reference:url, urlhaus.abuse.ch/url/1497688/; classtype:trojan-activity;sid:82360788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1497194)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.223.44.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_01; reference:url, urlhaus.abuse.ch/url/1497194/; classtype:trojan-activity;sid:82360294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1469946)"; flow:established,from_client; content:"GET"; http_method; content:"/hajime"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1469946/; classtype:trojan-activity;sid:82333046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1459190)"; flow:established,from_client; content:"GET"; http_method; content:"/cliopmq/cluton.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"protechasia.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_16; reference:url, urlhaus.abuse.ch/url/1459190/; classtype:trojan-activity;sid:82322290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1434520)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_07; reference:url, urlhaus.abuse.ch/url/1434520/; classtype:trojan-activity;sid:82297620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422022)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1n8_s6gijerearczwh74blkygodig64eo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422022/; classtype:trojan-activity;sid:82285122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422010)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yfqtugahqhqrulwugdekeavffktsl8ci"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422010/; classtype:trojan-activity;sid:82285110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1402229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_26; reference:url, urlhaus.abuse.ch/url/1402229/; classtype:trojan-activity;sid:82265329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1393270)"; flow:established,from_client; content:"GET"; http_method; content:"/downfile.asp|3f|sid=276663/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.ysbaojia.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_24; reference:url, urlhaus.abuse.ch/url/1393270/; classtype:trojan-activity;sid:82256370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1391235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sbd1rnw8luztjmsh6gdlzupvyupbopa0|7c|26|7c|revid=0b3yyjts_woklr2vnyxvqohlidxbxn1l2wwjntxfnwvi5v0h3pq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_23; reference:url, urlhaus.abuse.ch/url/1391235/; classtype:trojan-activity;sid:82254335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1378480)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ctmywlj5wouiug1wgizy3ke7yj1u0yor|7c|26|7c|revid=0b_t0-zked1mgagxwmxcwywq5q0q1uk1uoxcwaup6l2ovmtdjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_19; reference:url, urlhaus.abuse.ch/url/1378480/; classtype:trojan-activity;sid:82241580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1372338)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1alq8r5tnr6wwiftqa3l6d9fymv7y0g9m"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_17; reference:url, urlhaus.abuse.ch/url/1372338/; classtype:trojan-activity;sid:82235438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1352974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_06_11; reference:url, urlhaus.abuse.ch/url/1352974/; classtype:trojan-activity;sid:82216074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350517)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tilqozot07vylvdmmsfs7ia452jwhktj|7c|26|7c|revid=0b7gsmqzks4xkcdjcwhuvatj2qvlvchnmnnovu2ldzstek2jzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350517/; classtype:trojan-activity;sid:82213617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1348672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1etpmpb2shvuny5dxj5awfpxklxqpbzgx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1348672/; classtype:trojan-activity;sid:82211772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1331376)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b6t1mjnjcvndcy-mdqq0neqrbocqyju4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_06; reference:url, urlhaus.abuse.ch/url/1331376/; classtype:trojan-activity;sid:82194476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1327898)"; flow:established,from_client; content:"GET"; http_method; content:"/inst77player/inst77player_1.0.0.1.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl.360tpcdn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_06_05; reference:url, urlhaus.abuse.ch/url/1327898/; classtype:trojan-activity;sid:82190998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1319551)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nw1gmzg6lwtuhs0tte969xcfpp9_dc5q"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_03; reference:url, urlhaus.abuse.ch/url/1319551/; classtype:trojan-activity;sid:82182651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237693)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1z7qhwcozjwehksdhw-yuivac2jzwjqia"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237693/; classtype:trojan-activity;sid:82100793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237690)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1m8jszvq-ztfrul7vgsb6q-n3ftgnkbdj|7c|26|7c|revid=0bxrhybf9__wnmgjlnmxmunzznlu0v204azc4edmzcep6a0hzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237690/; classtype:trojan-activity;sid:82100790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1233306)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv_nk9llqw4fxudo-khja7nuuj1kevvw|7c|26|7c|revid=0b7zefp-g6n7vm0zhowo4be9pvus4mmh0ymxvd3r6zlu3ylznpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_14; reference:url, urlhaus.abuse.ch/url/1233306/; classtype:trojan-activity;sid:82096406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228961)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1a7jwdzayvxw_d3cgv_n7tjf4sty3ufor|7c|26|7c|export=download"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228961/; classtype:trojan-activity;sid:82092061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1220349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1h_dyp_d5lst4akyf2qezxl7j1scvbtvs|7c|26|7c|revid=0b5thckui5i0mdk5moelbnm9vuhnydvjnvwpyq01vrg5xvwhrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_11; reference:url, urlhaus.abuse.ch/url/1220349/; classtype:trojan-activity;sid:82083449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1199812)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uygnpwzzyzn2rodsrimg0-sloxy_letg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1199812/; classtype:trojan-activity;sid:82062912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1184754)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygn4gkmy9musdp_lgnpyjjh6rskt39vp|7c|26|7c|revid=0b8rbgp2bpeofmk5ta3n3mgjtefbzdevwtk5wwhpjd3yruejjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_30; reference:url, urlhaus.abuse.ch/url/1184754/; classtype:trojan-activity;sid:82047854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181763)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mep5euraznm5lmjsb2cuzgf1bs5uzxq6l0lnqudflzavns5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8.exe"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"cfs9.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181763/; classtype:trojan-activity;sid:82044863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%bf%c0%b7%f9%c7%d8%b0%e1%c7%cf%b1%e2.exe"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181758/; classtype:trojan-activity;sid:82044858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181756)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mdczafhaznmxmc5ibg9nlmrhdw0ubmv0oi9jtufhrs8wlzkwlmv4zq==|7c|26|7c|filename=xp_sp3_%ed%85%8c%eb%a7%88%ed%8c%a8%ec%b9%98.exe"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"cfs10.blog.daum.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181756/; classtype:trojan-activity;sid:82044856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181754)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%d8%b0%ef%bf%bd%ef%bf%bd%cf%b1%ef%bf%bd.exe"; http_uri; depth:232; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181754/; classtype:trojan-activity;sid:82044854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181755)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=metnwe5aznm3lmjsb2cuzgf1bs5uzxq6l0lnqudflzavmc5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe/%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe"; http_uri; depth:303; isdataat:!1,relative; nocase; content:"cfs7.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181755/; classtype:trojan-activity;sid:82044855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1167210)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.145.227.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_04_25; reference:url, urlhaus.abuse.ch/url/1167210/; classtype:trojan-activity;sid:82030310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1152444)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jpl-uouydm5hypqm67uokyddrblbpxvw|7c|26|7c|revid=0b7zpiprmoc5ubhpwclq0cxdyte5vwtrbymnidznhtgm3bzvrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_22; reference:url, urlhaus.abuse.ch/url/1152444/; classtype:trojan-activity;sid:82015544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1009349)"; flow:established,from_client; content:"GET"; http_method; content:"/2017/06/radbxnzdxbd.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"360down7.miiyun.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_14; reference:url, urlhaus.abuse.ch/url/1009349/; classtype:trojan-activity;sid:81872449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995049)"; flow:established,from_client; content:"GET"; http_method; content:"/txs9e9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"buscascolegios.diit.cl"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995049/; classtype:trojan-activity;sid:81858149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995040)"; flow:established,from_client; content:"GET"; http_method; content:"/txs9e9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"buscascolegios.diit.cl"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995040/; classtype:trojan-activity;sid:81858140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (957784)"; flow:established,from_client; content:"GET"; http_method; content:"/gamewd/yhdl.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.caihong.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_13; reference:url, urlhaus.abuse.ch/url/957784/; classtype:trojan-activity;sid:81820884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (936427)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bxjesdj7w3meuh7iatiurbsgh/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/936427/; classtype:trojan-activity;sid:81799527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723755)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/ci6p05scnuonqslqmehm/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723755/; classtype:trojan-activity;sid:81586855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (637433)"; flow:established,from_client; content:"GET"; http_method; content:"/paetools.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"soft.110route.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_01; reference:url, urlhaus.abuse.ch/url/637433/; classtype:trojan-activity;sid:81500533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (554647)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/x7z9wbk77tt6v9/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/554647/; classtype:trojan-activity;sid:81417747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (490516)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack1226.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_14; reference:url, urlhaus.abuse.ch/url/490516/; classtype:trojan-activity;sid:81353616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439389)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439389/; classtype:trojan-activity;sid:81302489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438705)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/file/21mnqlvi/oz88535657v7rbazasyth9x8i/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438705/; classtype:trojan-activity;sid:81301805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436727)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436727/; classtype:trojan-activity;sid:81299827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434592)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434592/; classtype:trojan-activity;sid:81297692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434320)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434320/; classtype:trojan-activity;sid:81297420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432117)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/432117/; classtype:trojan-activity;sid:81295217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426390)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/open-0627720493640-azq24pffjrm/guarded-space/gxkx9t42ra6yf-6x7uyx330389w/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426390/; classtype:trojan-activity;sid:81289490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422458)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice/aog-3515110/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"lindnerelektroanlagen.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422458/; classtype:trojan-activity;sid:81285558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (420521)"; flow:established,from_client; content:"GET"; http_method; content:"/css/parts_service/ly944myw/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"hitstation.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_28; reference:url, urlhaus.abuse.ch/url/420521/; classtype:trojan-activity;sid:81283621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzzcxmzyyqgzzns50axn0b3j5lmnvbtovyxr0ywnolzavmtqwmdawmdawmdawlmv4zq%3d%3d|7c|26|7c|filename=crack-pro20.exe"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"cfs5.tistory.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_08; reference:url, urlhaus.abuse.ch/url/322758/; classtype:trojan-activity;sid:81185858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322467)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1/jet.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322467/; classtype:trojan-activity;sid:81185567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322465)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1/sunset1.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322465/; classtype:trojan-activity;sid:81185565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322462)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1/smell-the-roses.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322462/; classtype:trojan-activity;sid:81185562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318948)"; flow:established,from_client; content:"GET"; http_method; content:"/fuzzbunch/fuzzbunch/master/payloads/doublepulsar-1.3.1.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318948/; classtype:trojan-activity;sid:81182048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (242568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_10; reference:url, urlhaus.abuse.ch/url/242568/; classtype:trojan-activity;sid:81105668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240475)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"165.90.16.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240475/; classtype:trojan-activity;sid:81103575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240426)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240426/; classtype:trojan-activity;sid:81103526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240403)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.114.191.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240403/; classtype:trojan-activity;sid:81103503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239019)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_06; reference:url, urlhaus.abuse.ch/url/239019/; classtype:trojan-activity;sid:81102119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (237890)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/237890/; classtype:trojan-activity;sid:81100990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222979)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/thirdupload/5d3e8177e87cc.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"src1.minibai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_07; reference:url, urlhaus.abuse.ch/url/222979/; classtype:trojan-activity;sid:81086079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217486)"; flow:established,from_client; content:"GET"; http_method; content:"/meteoradminz/hidden-tear/zip/master"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217486/; classtype:trojan-activity;sid:81080586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210023)"; flow:established,from_client; content:"GET"; http_method; content:"/opolis.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.opolis.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_18; reference:url, urlhaus.abuse.ch/url/210023/; classtype:trojan-activity;sid:81073123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203280)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.hseda.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_29; reference:url, urlhaus.abuse.ch/url/203280/; classtype:trojan-activity;sid:81066380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203157)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"hseda.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_28; reference:url, urlhaus.abuse.ch/url/203157/; classtype:trojan-activity;sid:81066257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (202114)"; flow:established,from_client; content:"GET"; http_method; content:"/screenmate/cute/sm1302.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.starcountry.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_26; reference:url, urlhaus.abuse.ch/url/202114/; classtype:trojan-activity;sid:81065214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200800)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_asciiverter_v1.00/zke-ascv.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200800/; classtype:trojan-activity;sid:81063900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200798)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/12.2013/nrv-ppwr.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200798/; classtype:trojan-activity;sid:81063898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200771)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/rzr-winner_intro.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"chiptune.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200771/; classtype:trojan-activity;sid:81063871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200770)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_nfo_file_viewer_v1.00/zke-nfoview.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200770/; classtype:trojan-activity;sid:81063870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197801)"; flow:established,from_client; content:"GET"; http_method; content:"/hao123-soft-online-bcs/soft/d/2014-06-12_djylh.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"download.skycn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197801/; classtype:trojan-activity;sid:81060901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197800)"; flow:established,from_client; content:"GET"; http_method; content:"/hao123-soft-online-bcs/soft/p/pocketrar350sc.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"download.skycn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197800/; classtype:trojan-activity;sid:81060900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (186282)"; flow:established,from_client; content:"GET"; http_method; content:"/pub/1003b/patch/patch_data/patch_0.3300/1003b.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"dl.1003b.56a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_04_27; reference:url, urlhaus.abuse.ch/url/186282/; classtype:trojan-activity;sid:81049382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170262)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/3"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170262/; classtype:trojan-activity;sid:81033362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170261)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/2"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170261/; classtype:trojan-activity;sid:81033361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170260)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170260/; classtype:trojan-activity;sid:81033360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (121029)"; flow:established,from_client; content:"GET"; http_method; content:"/active/pcclear_eng_mini.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"down.pcclear.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_10; reference:url, urlhaus.abuse.ch/url/121029/; classtype:trojan-activity;sid:80984129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (101043)"; flow:established,from_client; content:"GET"; http_method; content:"/employeemasterimages/qace.jpg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"livetrack.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_01_02; reference:url, urlhaus.abuse.ch/url/101043/; classtype:trojan-activity;sid:80964143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91928)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-12/03/519808/4cf8bc6362f34.rar"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91928/; classtype:trojan-activity;sid:80955028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85967)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/rc1veeex.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85967/; classtype:trojan-activity;sid:80949067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85881)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/5fg9yjwr.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85881/; classtype:trojan-activity;sid:80948981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85879)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/a9to40e7.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85879/; classtype:trojan-activity;sid:80948979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85878)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/e6i8pdc0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85878/; classtype:trojan-activity;sid:80948978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85876)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/zwy1q6k0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85876/; classtype:trojan-activity;sid:80948976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85874)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/06/98428/07c9mfhe.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85874/; classtype:trojan-activity;sid:80948974; rev:1;)
# Number of entries: 18837